Can't shake a virus

kayo714 · July 14, 2012

Malewarebytes Anti-Malware continously blocks incoming and outcoming processes from some unknown IP.

I followed the directions posted on

http://forums.malwar...showtopic=81385

One observation- while following the directions, after I run defogger, I am never asked to restart the computer.

Everything else happened per that post.

What do I do now?

Thanks so much in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by HP_Administrator at 10:36:54 on 2012-07-13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.997 [GMT -7:00]

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\DISC\DiscGui.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\All Users\Application Data\Verizon\UA_ar\UtilityApplication.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system\hpsysdrv.exe

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll

BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\search~1\BROWSE~1.DLL

BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.1.5\coIEPlg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [<NO NAME>]

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [DATAMNGR] c:\progra~1\search~1\search~1\DATAMN~1.EXE

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\documents and settings\all users\application data\verizon\ua_ar\UtilityApplication.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: trymedia.com

DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://74.43.219.67/rcm/webcontrols/vnc/viewerx_static.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7FB5DDE3-3080-41CB-BA99-9CA31494D17D} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

AppInit_DLLs: c:\progra~1\search~1\search~1\datamngr.dll c:\progra~1\search~1\search~1\IEBHO.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307010.005\symds.sys [2012-5-18 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307010.005\symefa.sys [2012-5-18 905336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307010.005\ccsetx86.sys [2012-5-18 132744]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-26 242240]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307010.005\ironx86.sys [2012-5-18 149624]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-14 655944]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-4 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20120712.001\IDSXpx86.sys [2012-7-12 369632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-11 22344]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20120712.034\NAVENG.SYS [2012-7-13 87928]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20120712.034\NAVEX15.SYS [2012-7-13 1589752]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]

S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2012-1-26 20168]

.

=============== Created Last 30 ================

.

2012-07-12 17:31:40 -------- d-----w- c:\documents and settings\hp_administrator\application data\FixZeroAccess

2012-07-12 06:17:05 -------- d-----w- c:\program files\Oracle

2012-07-11 23:07:41 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-07-11 18:02:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-09 20:50:18 -------- d-----w- c:\program files\Comical

.

==================== Find3M ====================

.

2012-07-11 23:07:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 23:07:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 02:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-05 02:29:22 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-26 13:12:09 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

============= FINISH: 10:38:49.53 ===============

attach.zip

dds.txt

protection-log-2012-07-13.txt

LDTate · July 15, 2012

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

kayo714 · July 16, 2012

I ran a full system scan this morning and the results are copy/pasted below. MBAM is constantly blocking outgoing and incoming processes and the log for that is copy/pasted as well. Is this normal? I am worried because this is a new issue for my system. Thanks!

**********************************************************************************************************************************

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.15.09

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Administrator :: YOUR-4DACD0EA75 [administrator]

Protection: Enabled

7/15/2012 9:16:17 AM

mbam-log-2012-07-15 (09-16-17).txt

Scan type: Full scan (C:\|D:\|J:\|)

Scan options disabled: P2P

Objects scanned: 629270

Time elapsed: 3 hour(s), 55 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

*********************************************************************************************************

2012/07/15 00:00:36 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 00:00:43 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 00:00:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 00:14:30 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 00:14:31 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 00:29:00 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.64.251.192 (Type: outgoing)

2012/07/15 00:29:25 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 58.241.135.131 (Type: outgoing)

2012/07/15 00:29:45 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 00:38:54 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 188.129.179.170 (Type: incoming)

2012/07/15 00:44:32 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.76.91.23 (Type: outgoing)

2012/07/15 00:45:30 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:00:47 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:01:18 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.64.176.104 (Type: outgoing)

2012/07/15 01:15:05 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:15:06 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:15:09 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:30:12 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:30:18 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:30:23 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:30:49 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.65.244.8 (Type: outgoing)

2012/07/15 01:45:58 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:46:02 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:46:07 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:46:10 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:52:50 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 58.240.148.71 (Type: incoming)

2012/07/15 01:59:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:59:51 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 01:59:55 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:12:52 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 77.78.221.12 (Type: incoming)

2012/07/15 02:13:19 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.76.91.92 (Type: outgoing)

2012/07/15 02:13:48 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 218.9.232.88 (Type: outgoing)

2012/07/15 02:14:04 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:14:12 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:14:17 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:29:03 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.28.87.242 (Type: outgoing)

2012/07/15 02:29:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:29:50 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:29:58 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:30:02 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:30:09 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.65.50.99 (Type: outgoing)

2012/07/15 02:41:15 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 77.78.232.149 (Type: incoming)

2012/07/15 02:44:54 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:45:06 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:45:08 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 02:59:58 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 218.10.232.41 (Type: incoming)

2012/07/15 03:01:02 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:06:23 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 98.142.248.4 (Type: incoming)

2012/07/15 03:16:02 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:16:06 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:16:07 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:16:30 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.69.24.25 (Type: outgoing)

2012/07/15 03:16:37 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.28.104.45 (Type: outgoing)

2012/07/15 03:24:05 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.65.68.44 (Type: incoming)

2012/07/15 03:31:32 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:31:42 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:46:16 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 03:46:24 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:00:30 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:00:35 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:03:22 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 194.165.0.96 (Type: incoming)

2012/07/15 04:10:37 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 109.86.183.217 (Type: incoming)

2012/07/15 04:14:20 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:14:23 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:14:40 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.65.104.17 (Type: outgoing)

2012/07/15 04:20:41 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.65.255.4 (Type: incoming)

2012/07/15 04:21:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.71.11.29 (Type: incoming)

2012/07/15 04:24:31 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.28.81.142 (Type: incoming)

2012/07/15 04:28:25 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:28:30 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:41:56 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:41:58 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:42:04 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:42:10 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 04:55:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 58.240.28.117 (Type: outgoing)

2012/07/15 04:55:58 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 212.113.34.45 (Type: outgoing)

2012/07/15 04:56:27 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 05:09:56 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 05:10:06 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 05:10:38 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 219.147.11.186 (Type: outgoing)

2012/07/15 05:11:10 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 77.78.212.31 (Type: incoming)

2012/07/15 05:25:38 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 05:25:44 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 05:39:50 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.28.52.151 (Type: outgoing)

2012/07/15 05:40:34 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 05:41:01 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.75.167.44 (Type: outgoing)

2012/07/15 06:04:52 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.71.125.211 (Type: incoming)

2012/07/15 06:07:17 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 188.95.51.205 (Type: incoming)

2012/07/15 06:09:35 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.70.235.150 (Type: outgoing)

2012/07/15 06:10:06 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 06:10:15 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 06:24:09 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 06:27:06 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 194.165.0.3 (Type: incoming)

2012/07/15 06:28:39 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.64.224.153 (Type: incoming)

2012/07/15 06:35:21 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.71.125.211 (Type: incoming)

2012/07/15 06:40:42 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 06:49:32 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.65.255.4 (Type: incoming)

2012/07/15 06:55:21 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:09:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:09:51 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:09:55 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:18:01 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 59.34.2.203 (Type: incoming)

2012/07/15 07:20:46 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 218.10.6.1 (Type: incoming)

2012/07/15 07:21:14 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 98.142.247.8 (Type: incoming)

2012/07/15 07:23:57 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.248.163.5 (Type: outgoing)

2012/07/15 07:24:40 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:24:50 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:39:55 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.28.103.137 (Type: outgoing)

2012/07/15 07:55:36 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 07:55:45 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 08:09:18 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 08:09:23 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 08:09:34 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 59.34.169.106 (Type: outgoing)

2012/07/15 08:23:48 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 89.28.28.104 (Type: outgoing)

2012/07/15 08:24:23 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 08:35:29 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 222.71.125.211 (Type: incoming)

2012/07/15 08:40:39 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 08:44:40 -0700 YOUR-4DACD0EA75 HP_Administrator MESSAGE Starting database refresh

2012/07/15 08:44:40 -0700 YOUR-4DACD0EA75 HP_Administrator MESSAGE Stopping IP protection

2012/07/15 08:44:40 -0700 YOUR-4DACD0EA75 HP_Administrator MESSAGE IP Protection stopped

2012/07/15 08:44:54 -0700 YOUR-4DACD0EA75 HP_Administrator MESSAGE Database refreshed successfully

2012/07/15 08:44:54 -0700 YOUR-4DACD0EA75 HP_Administrator MESSAGE Starting IP protection

2012/07/15 08:45:15 -0700 YOUR-4DACD0EA75 HP_Administrator MESSAGE IP Protection started successfully

2012/07/15 08:56:43 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 09:12:48 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 09:12:51 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

2012/07/15 09:12:56 -0700 YOUR-4DACD0EA75 HP_Administrator IP-BLOCK 203.93.109.195 (Type: outgoing)

LDTate · July 16, 2012

First thing I need you to do is uninstall utorrent

c:\program files\utorrent\uTorrent.exe

Examples of those IP's:

203.93.0.0 - 203.93.255.255

UNICOM-CN

China Unicom IP network

222.64.176.0 - 222.64.179.255

CHINANET-SH-BBAD-054

188.0.0.0 - 188.255.255.255

Amsterdam

So unless you are in China or Amsterdam, I need you to do this after uninstall uTorrent.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

kayo714 · July 16, 2012

I followed the directions and now am running my system and it seems to be running without incident for now. I will keep an eye on my computer for the next couple of days and will let you know if anything seems out of the ordinary. But for now it seems to be working great. Thank you so much for you help. The log is copy/pasted below. Thanks again!

********************************************************************************************************************************

ComboFix 12-07-16.01 - HP_Administrator 07/16/2012 11:07:54.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1590 [GMT -7:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\divqh.exe

c:\documents and settings\Administrator\Local Settings\Application Data\{73F1AD81-21CE-40AD-BA9C-E559164F2E95}

c:\documents and settings\Administrator\Local Settings\Application Data\{73F1AD81-21CE-40AD-BA9C-E559164F2E95}\chrome.manifest

c:\documents and settings\Administrator\Local Settings\Application Data\{73F1AD81-21CE-40AD-BA9C-E559164F2E95}\chrome\content\_cfg.js

c:\documents and settings\Administrator\Local Settings\Application Data\{73F1AD81-21CE-40AD-BA9C-E559164F2E95}\chrome\content\c.js

c:\documents and settings\Administrator\Local Settings\Application Data\{73F1AD81-21CE-40AD-BA9C-E559164F2E95}\chrome\content\overlay.xul

c:\documents and settings\Administrator\Local Settings\Application Data\{73F1AD81-21CE-40AD-BA9C-E559164F2E95}\install.rdf

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle

c:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log

c:\documents and settings\HP_Administrator\Application Data\Propellerhead Software\ReCycle

c:\documents and settings\HP_Administrator\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf

c:\documents and settings\HP_Administrator\Application Data\Propellerhead Software\ReCycle\ReCycle220.dat

c:\documents and settings\HP_Administrator\WINDOWS

C:\dvglbk.exe

c:\program files\Blinkx

c:\program files\Blinkx\blinkx.ico

c:\program files\Blinkx\blinkxss.exe

c:\program files\Blinkx\blinkxstop.exe

c:\program files\Blinkx\lang.dll

c:\program files\Blinkx\templates\beat.ico

c:\program files\Blinkx\templates\index.html

c:\program files\Blinkx\templates\noflash.html

c:\program files\Blinkx\templates\offline.html

c:\program files\Blinkx\templates\offline.swf

c:\program files\Blinkx\templates\uninstall.exe

c:\program files\Image Converter .EXE

c:\program files\Image Converter .EXE\blank.gif

c:\program files\Image Converter .EXE\compare template.html

c:\program files\Image Converter .EXE\detail template.html

c:\program files\Image Converter .EXE\Help\CommandLines.htm

c:\program files\Image Converter .EXE\Help\pv_registration.mht

c:\program files\Image Converter .EXE\imageconverter.exe

c:\program files\Image Converter .EXE\license.txt

c:\program files\Image Converter .EXE\logfile.txt

c:\program files\Image Converter .EXE\thumbnail template.html

c:\program files\Image Converter .EXE\unins000.dat

c:\program files\Image Converter .EXE\unins000.exe

c:\program files\Image Converter .EXE\Web\Image Converter .EXE Home Page.url

c:\program files\Image Converter .EXE\Web\Order Image Converter .EXE.url

c:\program files\Image Converter .EXE\Web\SoftTech InterCorp.url

c:\program files\Windows Searchqu Toolbar

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe

c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe

C:\s

C:\tixqapi.exe

c:\windows\$NtUninstallKB60485$

c:\windows\$NtUninstallKB60485$\1908818750

c:\windows\$NtUninstallKB60485$\2338809634\@

c:\windows\$NtUninstallKB60485$\2338809634\bckfg.tmp

c:\windows\$NtUninstallKB60485$\2338809634\cfg.ini

c:\windows\$NtUninstallKB60485$\2338809634\Desktop.ini

c:\windows\$NtUninstallKB60485$\2338809634\keywords

c:\windows\$NtUninstallKB60485$\2338809634\kwrd.dll

c:\windows\$NtUninstallKB60485$\2338809634\L\aqaeidou

c:\windows\$NtUninstallKB60485$\2338809634\U\00000001.@

c:\windows\$NtUninstallKB60485$\2338809634\U\00000002.@

c:\windows\$NtUninstallKB60485$\2338809634\U\00000004.@

c:\windows\$NtUninstallKB60485$\2338809634\U\80000000.@

c:\windows\$NtUninstallKB60485$\2338809634\U\80000004.@

c:\windows\$NtUninstallKB60485$\2338809634\U\80000032.@

c:\windows\iun6002.exe

c:\windows\mscplp.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

.

Infected copy of c:\windows\system32\samsrv.dll was found and disinfected

Restored copy from - c:\system volume information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0000179.dll

.

c:\windows\system32\drivers\intelppm.sys . . . is missing!!

.

((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))

.

2012-07-12 17:31 . 2012-07-12 17:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FixZeroAccess

2012-07-12 06:17 . 2012-07-12 06:17 -------- d-----w- c:\program files\Oracle

2012-07-12 06:13 . 2012-07-12 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-07-11 23:07 . 2012-07-11 23:07 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-07-11 18:02 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-09 20:50 . 2012-07-09 20:50 -------- d-----w- c:\program files\Comical

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 23:07 . 2012-04-10 16:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 23:07 . 2011-12-06 11:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 02:29 . 2012-01-30 02:27 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-05-05 02:29 . 2012-05-21 17:31 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-05-05 02:29 . 2012-01-30 02:27 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-26 13:12 . 2012-04-26 13:12 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll

2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-04 00:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]

"nwiz"="nwiz.exe" [2006-01-25 1519616]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 180269]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Launch Utility Application.lnk - c:\documents and settings\All Users\Application Data\Verizon\UA_ar\UtilityApplication.exe [2010-12-15 491520]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-20 36903]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-20 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=ma_cmidn.dll

"midi2"=ma_cmidn.dll

"midi3"=ma_cmidn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307010.005\symds.sys [5/18/2012 4:41 AM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307010.005\symefa.sys [5/18/2012 4:41 AM 905336]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 3:15 AM 821920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307010.005\ccsetx86.sys [5/18/2012 4:41 AM 132744]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/26/2012 6:12 AM 242240]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307010.005\ironx86.sys [5/18/2012 4:41 AM 149624]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/14/2009 10:23 PM 655944]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [5/18/2012 4:41 AM 138232]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/4/2012 6:55 PM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120713.001\IDSXpx86.sys [7/13/2012 6:06 PM 369632]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/11/2012 11:02 AM 22344]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 9:14 AM 250056]

S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [1/26/2012 2:30 PM 20168]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:07]

.

2012-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 07:20]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 07:20]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-383295116-2668511268-2875537773-1008Core.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 15:45]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-383295116-2668511268-2875537773-1008UA.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-28 15:45]

.

2012-07-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2012-01-04 00:31]

.

2011-03-20 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2011-03-17 01:23]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 192.168.1.254

DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://74.43.219.67/rcm/webcontrols/vnc/viewerx_static.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

AddRemove-KeyStation1x1 - c:\windows\iun6002.exe

AddRemove-Searchqu 410 MediaBar - c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-16 11:29

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(804)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(852)

c:\windows\system32\WININET.dll

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\ARPWRMSG.EXE

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\progra~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\DISC\DiscStreamHub.exe

c:\hp\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

.

**************************************************************************

.

Completion time: 2012-07-16 11:36:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-16 18:36

ComboFix2.txt 2009-04-05 20:22

.

Pre-Run: 10,038,919,168 bytes free

Post-Run: 10,269,528,064 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 6AE9DD1F07A2303C553D30120E0FA631

LDTate · July 16, 2012

Use add/remove programs and uninstall: Ask.com

After that:

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

Click START run
Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

Click START Search
Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual final post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is succeptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.
Securing Your Web Browser
This paper will help you configure your web browser for safer internet surfing.
Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
•Free browser plug-in for Internet Explorer and Firefox
•Real-time safety ratings
•Ideal for Facebook, Twitter and LinkedIn
JAVA Click this link and click on the Free JAVA Download
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer has always the latest security updates available installed on your computer.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site
until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention

Save yourself the hassle and get protected.

LDTate · July 20, 2012

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Sign In

Can't shake a virus

Recommended Posts

kayo714

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

kayo714

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

kayo714

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

LDTate

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information