Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect virus removal


  • This topic is locked This topic is locked
14 replies to this topic

#1 leytonbuzz

leytonbuzz

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 18 January 2013 - 06:51 PM

Hi
I have a Dell laptop that appears to be infected.
System - 64 bit and Windows 7 home premium.
When I launch IE' the default web page is Google and this loads properly but when I click on a link from the results list after a search I am redirected to some junk site or a blank page.
I have run a full scan on McAfee and Malwarebytes AM but the results show zero detections.
Searching the net for these symptoms suggests a "root kit" virus or a Trojan infection- I don't know what these mean but it does lock like my laptop has got the flu!
Any help or advice in helping me rid of this virus, if indeed that is what it is, would be very much appreciated.
Warning - my IT competence level is pretty low but I am keen to learn and improve.
thank you

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 18 January 2013 - 07:17 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to the disclaimer.
[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there
[*]Press Scan button.
[*]type exit and reboot the computer normally
[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.[/list]

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 leytonbuzz

leytonbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 18 January 2013 - 10:27 PM

Hello CatByte,
Thank you very much for the quick response. I've done what you've suggested and here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 19-01-2013 02:16:09
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey [136512 2009-08-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124224 2010-03-25] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE [1890744 2012-09-02] (Bandoo Media, inc)
HKU\ShahH\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\ShahH\...\Run: [Sziolm] rundll32 "C:\Users\ShahH\AppData\Roaming\KBDHE319E.dll",Xsfj [118784 2013-01-14] ()
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
ShortcutTarget: Monitor Apache Servers.lnk -> C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)

==================== Services (Whitelisted) ===================

2 Apache2.2; "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice [20549 2012-01-28] (Apache Software Foundation)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
2 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
2 mfevtp; C:\windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL [8919 2012-04-21] ()
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-18 21:08 - 2013-01-18 21:08 - 00008212 ____A C:\Windows\mfebcdata
2013-01-14 13:24 - 2013-01-14 13:24 - 00118784 _RASH C:\Users\ShahH\Application Data\KBDHE319E.dll
2013-01-14 13:24 - 2013-01-14 13:24 - 00118784 _RASH C:\Users\ShahH\AppData\Roaming\KBDHE319E.dll
2013-01-12 09:30 - 2013-01-12 09:30 - 00000103 ____A C:\Users\ShahH\Downloads\attachment (1)
2013-01-10 06:40 - 2012-11-08 23:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-10 06:40 - 2012-11-08 22:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-10 06:39 - 2012-12-07 07:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-10 06:39 - 2012-12-07 07:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-10 06:39 - 2012-12-07 06:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-10 06:39 - 2012-12-07 06:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-10 06:39 - 2012-12-07 05:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-10 06:39 - 2012-12-07 05:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-10 06:39 - 2012-12-07 05:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-10 06:39 - 2012-12-07 05:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-10 06:39 - 2012-12-07 05:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-10 06:39 - 2012-12-07 05:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-10 06:39 - 2012-12-07 05:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-10 06:39 - 2012-12-07 05:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-10 06:39 - 2012-12-07 04:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-10 06:39 - 2012-11-21 23:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-10 06:39 - 2012-11-21 22:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-10 06:39 - 2012-11-19 23:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-10 06:39 - 2012-11-19 22:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-10 06:39 - 2012-10-31 23:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-10 06:39 - 2012-10-31 23:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-10 06:39 - 2012-10-31 22:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-10 06:39 - 2012-10-31 22:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-10 06:38 - 2012-11-29 23:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-10 06:38 - 2012-11-29 23:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-10 06:38 - 2012-11-29 23:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-10 06:38 - 2012-11-29 23:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-10 06:38 - 2012-11-29 23:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-10 06:38 - 2012-11-29 23:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-10 06:38 - 2012-11-29 23:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 23:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-10 06:38 - 2012-11-29 22:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-10 06:38 - 2012-11-29 22:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 22:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 21:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-10 06:38 - 2012-11-29 20:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-10 06:38 - 2012-11-29 20:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-10 06:38 - 2012-11-29 20:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-10 06:38 - 2012-11-29 20:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-10 06:38 - 2012-11-29 20:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 20:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 20:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 20:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-10 06:38 - 2012-11-29 17:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-10 06:38 - 2012-11-29 17:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-10 06:37 - 2012-11-22 21:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-10 06:37 - 2012-11-22 21:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-09 11:15 - 2013-01-09 11:15 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-01-02 16:20 - 2013-01-02 16:20 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2013-01-02 16:13 - 2013-01-02 16:14 - 09356704 ____A (CCCP Project ) C:\Users\ShahH\Downloads\Combined-Community-Codec-Pack-2012-12-30.exe
2013-01-02 16:00 - 2013-01-02 16:01 - 00000000 ____D C:\Users\ShahH\Local Settings\Application Data\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2013-01-02 16:00 - 2013-01-02 16:01 - 00000000 ____D C:\Users\ShahH\Local Settings\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2013-01-02 16:00 - 2013-01-02 16:01 - 00000000 ____D C:\Users\ShahH\AppData\Local\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2012-12-25 23:10 - 2012-12-25 23:10 - 00004536 ____A C:\Users\ShahH\Desktop\6PM7HFQM.odt
2012-12-22 05:45 - 2012-12-16 11:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 05:45 - 2012-12-16 08:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 05:45 - 2012-12-16 08:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-22 05:45 - 2012-12-16 08:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll


==================== One Month Modified Files and Folders =======

2013-01-19 02:15 - 2013-01-19 02:15 - 00000000 ____D C:\FRST
2013-01-18 21:08 - 2013-01-18 21:08 - 00008212 ____A C:\Windows\mfebcdata
2013-01-18 21:08 - 2011-06-16 18:39 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-01-18 21:06 - 2012-04-08 06:40 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-18 21:06 - 2011-06-16 18:50 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-01-18 21:06 - 2011-06-16 18:50 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-01-18 21:06 - 2011-06-16 18:50 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-01-18 21:06 - 2011-06-16 18:50 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-01-18 21:06 - 2011-06-16 18:50 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-01-18 21:06 - 2011-06-16 18:50 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-01-18 21:06 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-18 21:06 - 2009-07-13 22:51 - 00133558 ____A C:\Windows\setupact.log
2013-01-18 18:12 - 2011-06-16 18:04 - 01480471 ____A C:\Windows\WindowsUpdate.log
2013-01-18 18:00 - 2012-04-08 06:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-18 17:58 - 2009-07-13 22:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-18 17:58 - 2009-07-13 22:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-18 17:32 - 2009-07-13 23:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-18 14:15 - 2012-04-08 06:40 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-18 08:57 - 2011-09-26 11:49 - 00000000 ____D C:\Users\ShahH\Desktop\shreya
2013-01-17 14:17 - 2012-04-09 10:29 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-17 14:17 - 2012-04-09 10:29 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-01-17 14:17 - 2011-07-03 08:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-14 14:39 - 2010-11-20 21:47 - 00046618 ____A C:\Windows\PFRO.log
2013-01-14 13:41 - 2011-07-24 03:36 - 00000000 ____D C:\Users\ShahH\Application Data\Skype
2013-01-14 13:41 - 2011-07-24 03:36 - 00000000 ____D C:\Users\ShahH\AppData\Roaming\Skype
2013-01-14 13:24 - 2013-01-14 13:24 - 00118784 _RASH C:\Users\ShahH\Application Data\KBDHE319E.dll
2013-01-14 13:24 - 2013-01-14 13:24 - 00118784 _RASH C:\Users\ShahH\AppData\Roaming\KBDHE319E.dll
2013-01-12 16:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-01-12 09:30 - 2013-01-12 09:30 - 00000103 ____A C:\Users\ShahH\Downloads\attachment (1)
2013-01-11 01:08 - 2009-07-13 22:45 - 00468584 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-10 09:14 - 2011-06-16 18:13 - 00765178 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-10 09:03 - 2011-07-03 06:59 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-10 09:03 - 2011-07-03 06:59 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2013-01-10 06:31 - 2012-04-08 06:40 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-10 06:31 - 2012-04-08 06:40 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-09 11:15 - 2013-01-09 11:15 - 16369160 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-01-04 16:06 - 2012-10-20 08:32 - 00000000 ____D C:\Users\ShahH\Desktop\hiteshhmrc
2013-01-02 16:20 - 2013-01-02 16:20 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2013-01-02 16:14 - 2013-01-02 16:13 - 09356704 ____A (CCCP Project ) C:\Users\ShahH\Downloads\Combined-Community-Codec-Pack-2012-12-30.exe
2013-01-02 16:04 - 2011-11-26 07:19 - 00001129 ____A C:\Users\ShahH\Desktop\SmartSoftVideoConverterPro.lnk
2013-01-02 16:04 - 2011-11-26 07:19 - 00000000 ____D C:\Program Files (x86)\SmartSoftVideoConverterPro
2013-01-02 16:01 - 2013-01-02 16:00 - 00000000 ____D C:\Users\ShahH\Local Settings\Application Data\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2013-01-02 16:01 - 2013-01-02 16:00 - 00000000 ____D C:\Users\ShahH\Local Settings\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2013-01-02 16:01 - 2013-01-02 16:00 - 00000000 ____D C:\Users\ShahH\AppData\Local\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2012-12-25 23:10 - 2012-12-25 23:10 - 00004536 ____A C:\Users\ShahH\Desktop\6PM7HFQM.odt
2012-12-21 04:25 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\LiveKernelReports


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-24 16:25:16
Restore point made on: 2012-11-28 13:50:06
Restore point made on: 2012-12-05 07:28:22
Restore point made on: 2012-12-12 04:28:47
Restore point made on: 2012-12-12 08:57:01
Restore point made on: 2012-12-12 14:28:45
Restore point made on: 2012-12-22 05:44:53
Restore point made on: 2012-12-24 13:28:25
Restore point made on: 2013-01-01 08:36:45
Restore point made on: 2013-01-04 15:28:23
Restore point made on: 2013-01-10 09:01:32
Restore point made on: 2013-01-12 12:28:25
Restore point made on: 2013-01-18 18:01:08

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4003.18 MB
Available physical RAM: 3290.66 MB
Total Pagefile: 4001.38 MB
Available Pagefile: 3279.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:259.33 GB) NTFS
3 Drive e: () (Fixed) (Total:149.05 GB) (Free:6.73 GB) NTFS
4 Drive f: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 149 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 149 GB Healthy

=========================================================

Last Boot: 2013-01-14 06:09

==================== End Of Log =============================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 19 January 2013 - 05:01 AM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
HKU\ShahH\...\Run: [Sziolm] rundll32 "C:\Users\ShahH\AppData\Roaming\KBDHE319E.dll",Xsfj [118784 2013-01-14] ()
C:\Users\ShahH\AppData\Roaming\KBDHE319E.dll
C:\Users\ShahH\Application Data\KBDHE319E.dll
2013-01-02 16:00 - 2013-01-02 16:01 - 00000000 ____D C:\Users\ShahH\Local Settings\Application Data\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2013-01-02 16:00 - 2013-01-02 16:01 - 00000000 ____D C:\Users\ShahH\Local Settings\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
2013-01-02 16:00 - 2013-01-02 16:01 - 00000000 ____D C:\Users\ShahH\AppData\Local\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 leytonbuzz

leytonbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 19 January 2013 - 07:43 AM

Thank you. I tried following the instructions but for some reason when I downloaded combofix, I did not get the option to click the combofix icon and it started running without giving me the chance to disbale AV. I did not interfere and it seems to have run as per expectations and here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2013
Ran by SYSTEM at 2013-01-19 09:17:06 Run:1
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_USERS\ShahH\Software\Microsoft\Windows\CurrentVersion\Run\\Sziolm Value deleted successfully.
C:\Users\ShahH\AppData\Roaming\KBDHE319E.dll moved successfully.
C:\Users\ShahH\Application Data\KBDHE319E.dll not found.
C:\Users\ShahH\Local Settings\Application Data\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B} moved successfully.
C:\Users\ShahH\Local Settings\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B} not found.
C:\Users\ShahH\AppData\Local\{A73CDFF6-CC7D-4487-A0B5-C5A45BAA0A0B} not found.

==== End of Fixlog ====




ComboFix 13-01-17.04 - ShahH 19/01/2013 9:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4003.2471 [GMT 0:00]
Running from: c:\users\ShahH\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll
c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll
c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\db33b903-f6ef-4bdd-adf8-db57372a45ec.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll
c:\programdata\Roaming
c:\users\ShahH\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3678D419-C900-4DA0-9F1C-AF8BAC45A2B4}.xps
c:\users\ShahH\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4ED84643-B514-4709-8FEA-DEDB46E1940A}.xps
c:\users\ShahH\AppData\Local\Microsoft\Windows\Temporary Internet Files\{73093661-7E26-4920-BBA2-F9D205669579}.xps
c:\users\ShahH\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AF195FBA-30E8-4FFB-A7D6-5E1449A45C17}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 10:09 . 2013-01-19 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 09:57 . 2013-01-19 09:57 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5F2A816-C97E-4995-98E9-E999D654B492}\offreg.dll
2013-01-19 08:15 . 2013-01-19 08:15 -------- d-----w- C:\FRST
2013-01-19 00:01 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5F2A816-C97E-4995-98E9-E999D654B492}\mpengine.dll
2013-01-10 12:40 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 12:40 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-10 12:38 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-10 12:37 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-10 12:37 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 17:15 . 2013-01-09 17:15 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-02 22:20 . 2013-01-02 22:20 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-01-02 22:19 . 2013-01-02 22:19 -------- d-----w- c:\users\ShahH\AppData\Local\Programs
2012-12-22 11:45 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 11:45 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 11:45 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 11:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 12:31 . 2012-04-08 12:40 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 12:31 . 2012-04-08 12:40 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 16:49 . 2011-07-03 14:03 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-10 12:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 14:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 14:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 14:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 14:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 14:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 14:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 14:57 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 14:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 14:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 14:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 14:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 14:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 14:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 14:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 14:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 14:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 14:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 14:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 14:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 14:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 14:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 14:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 10:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 10:38 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 10:35 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 10:35 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files (x86)\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\FLV_Runner\prxtbFLV_.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2012-02-27 08:42 88976 ----a-w- c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files (x86)\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-25 124224]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2012-1-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-25 78896]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-01-28 20549]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-03-25 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-25 79504]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:00]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-08 12:40]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-08 12:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-19 10:29:36
ComboFix-quarantined-files.txt 2013-01-19 10:29
.
Pre-Run: 278,541,369,344 bytes free
Post-Run: 279,126,077,440 bytes free
.
- - End Of File - - BBE63078E14FEBCADCE0CCAAB7DCEABC

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 19 January 2013 - 10:55 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\progra~2\SEARCH~1\Datamngr

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[-HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
[-HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 leytonbuzz

leytonbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 19 January 2013 - 05:14 PM

Thank you. Here are the logs:

ComboFix 13-01-17.04 - ShahH 19/01/2013 16:12:19.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4003.2261 [GMT 0:00]
Running from: c:\users\ShahH\Desktop\ComboFix.exe
Command switches used :: c:\users\ShahH\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SEARCH~1\Datamngr
c:\progra~2\SEARCH~1\Datamngr\BrowserConnection.dll
c:\progra~2\SEARCH~1\Datamngr\datamngr.dll
c:\progra~2\SEARCH~1\Datamngr\datamngrUI.exe
c:\progra~2\SEARCH~1\Datamngr\DnsBHO.dll
c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
c:\progra~2\SEARCH~1\Datamngr\installhelper.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\as_guid.dat
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\external.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\preferences.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\template.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\vmncode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ca.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ebay.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\email.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\email_on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\facebook.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\games.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\grey.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\images.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\imesh.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\mail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\music.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\news.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\orange.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\shopping.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\technorati.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\translate.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\video.bmp
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\web.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\youtube.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\zoom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\components\windowmediator.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\dtUser.exe
c:\progra~2\SEARCH~1\Datamngr\ToolBar\manifest.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchquband.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\uninstall.exe
c:\progra~2\SEARCH~1\Datamngr\x64\BrowserConnection.dll
c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll
c:\progra~2\SEARCH~1\Datamngr\x64\datamngrUI.exe
c:\progra~2\SEARCH~1\Datamngr\x64\DnsBHO.dll
c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 16:24 . 2013-01-19 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-19 08:15 . 2013-01-19 08:15 -------- d-----w- C:\FRST
2013-01-19 00:01 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5F2A816-C97E-4995-98E9-E999D654B492}\mpengine.dll
2013-01-10 12:40 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 12:40 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-10 12:38 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-10 12:37 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-10 12:37 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 17:15 . 2013-01-09 17:15 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-02 22:20 . 2013-01-02 22:20 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-01-02 22:19 . 2013-01-02 22:19 -------- d-----w- c:\users\ShahH\AppData\Local\Programs
2012-12-22 11:45 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 11:45 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 11:45 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 11:45 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 12:31 . 2012-04-08 12:40 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 12:31 . 2012-04-08 12:40 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 16:49 . 2011-07-03 14:03 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-10 12:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 14:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 14:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 14:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 14:57 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 14:57 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 14:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 14:57 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 14:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 14:57 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 14:57 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 14:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 14:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 14:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 14:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 14:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 14:57 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 14:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 14:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 14:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 14:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 14:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 14:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 10:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 10:38 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 10:35 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 10:35 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files (x86)\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\FLV_Runner\prxtbFLV_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3bbd3c14-4c16-4989-8366-95bc9179779d}"= "c:\program files (x86)\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-25 124224]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2012-1-28 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-25 78896]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-01-28 20549]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-03-25 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-25 79504]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 15:00]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-08 12:40]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-08 12:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLL
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\Datamngr\DATAMN~1.EXE
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-19 16:45:25
ComboFix-quarantined-files.txt 2013-01-19 16:45
ComboFix2.txt 2013-01-19 10:29
.
Pre-Run: 279,181,012,992 bytes free
Post-Run: 279,115,067,392 bytes free
.
- - End Of File - - BA24407157CCDB2C03F1BF87EEF0D4D8


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Home Premium x64
Ran by ShahH on 19/01/2013 at 16:53:39.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3476148354-2450724447-3341012908-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\ilivid
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnsbho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\searchquiehelper.dnsguard
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\searchquiehelper.dnsguard.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\searchqumediabartb
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3201318
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9d717f81-9148-4f12-8568-69135f087db0}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{9d717f81-9148-4f12-8568-69135f087db0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\ShahH\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\ShahH\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\ShahH\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\ShahH\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\ShahH\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\ShahH\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchqu toolbar"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/01/2013 at 17:01:32.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.106 - Logfile created 01/19/2013 at 17:11:51
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ShahH - SHAHH-PC
# Boot Mode : Normal
# Running from : C:\Users\ShahH\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\FLV_Runner
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Users\ShahH\AppData\LocalLow\FLV_Runner

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CEA379-7178-4758-9C80-969876E32395}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\Software\FLV_Runner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07CEA379-7178-4758-9C80-969876E32395}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07CEA379-7178-4758-9C80-969876E32395}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CE4DF84-80B7-4FD0-A62F-2DA0CCB445E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC1A2EE-E752-4B66-891A-9062281FDA15}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4275 octets] - [19/01/2013 17:11:51]

########## EOF - C:\AdwCleaner[S1].txt - [4335 octets] ##########


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.19.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ShahH :: SHAHH-PC [administrator]

Protection: Disabled

19/01/2013 17:17:11
mbam-log-2013-01-19 (17-17-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214135
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\FRST\Quarantine\KBDHE319E.dll a variant of Win32/Ponmocup.FS trojan
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll.vir a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite.A application
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\DnsBHO.dll.vir a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll.vir a variant of Win32/Toolbar.SearchSuite application

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 19 January 2013 - 05:31 PM

looking good

how is the computer running now? any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 leytonbuzz

leytonbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 19 January 2013 - 10:00 PM

Thank you. The computer seems to be running fine and no outstandng issues as such. One question I did have is around what went wrong in the first place. How did the virus enter the computer (perhaps and unanswerable question) and is there anything I can do as a preventative measure.
I really appreciate your help. You are doing a brilliant job and please keep up the good work.
regards

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 19 January 2013 - 10:31 PM

It's nearly impossible to know how a machine gets infected, unless someone is aware that they may have downloaded a virus by downloading pirated programs, or clicking on a bad link in an email, it could be as easy as stopping by a webpage that has been exploited. That's one of the reasons I recommend using the Web of Trust.

Something else to consider is disabling Java in your browser(s) - it can be easily exploited:

more info here:

http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html

We just have some housekeeping to do now, please do the following:



You can delete the DDS, JRT and Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 leytonbuzz

leytonbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 20 January 2013 - 06:59 AM

Thank you very much for all the useful infomration - it is very helpful. I have followed all the housekeeping steps. I think it is all resolved except perhaps a minor issue around IE where a typed URL does not open but a link via google (default site) does. Also, there are two version of IE (64 bit and normal) and in the 64 bit a types url works. Many thanks

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 20 January 2013 - 04:29 PM

try setting IE back to default:

http://support.microsoft.com/kb/318378

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 leytonbuzz

leytonbuzz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:49 PM

Posted 24 January 2013 - 06:45 PM

Thanks for that - I had to unistall and reistall IE and this seemed to work. many thanks fo ryour help.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 24 January 2013 - 06:56 PM

ok, good

you should be good to go now :)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:49 PM

Posted 02 February 2013 - 10:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users