View Full Version : My life has been hijacked and i can see it!
dillagent
2011-09-01, 03:22
So i hope first of all to really relieve some stress briefly and to the point. I will be posting dds file if that is what i need to do and I have run ERUNT.
Here is what happened:
I was working on my pc...don't even remember what i was doing ...AVG popped up with do you want explorer to have access to internet...which i have said no to before because why does explorer need internet? ANyway
I clicked yes on accident..
Right away avg spotted or caught a bad program...i said clean or disinfect or whatever but then AVG hung and ever since then
1. I havent been able to upgrade or uninstall avg....
2. My browser search has been hijacked
3. SPybot finds some trojans (but cant remove them)
4. I am at war with my PC illness ....
I was getting a second problem on the spybot and i noted it here:
WindowsSecurityCenterFirewalBypass...but it didnt come up in the latest spybot report which is below along with DDS report.
If you can help I would appreciate it...soooo much thanks world...
Here is the spybot report:
Win32.AVKillsvc.e: [SBI $ACD9F3FA] Data (File, nothing done)
C:\WINDOWS\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314821920
Properties.filedatetext=2011-08-31 15:18:40
Win32.AVKillsvc.e: [SBI $A106152C] Data (File, nothing done)
C:\Documents and Settings\FaithLives\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314822039
Properties.filedatetext=2011-08-31 15:20:39
Win32.AVKillsvc.e: [SBI $A106152C] Data (File, nothing done)
C:\Documents and Settings\LocalService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314821925
Properties.filedatetext=2011-08-31 15:18:44
Win32.AVKillsvc.e: [SBI $A106152C] Data (File, nothing done)
C:\Documents and Settings\NetworkService\Local Settings\Temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb
Properties.size=3596
Properties.md5=5E7AC8D7611B66FD0B378E85EF175715
Properties.filedate=1314822050
Properties.filedatetext=2011-08-31 15:20:49
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-10-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-08-29 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-08-31 Includes\Malware.sbi (*)
2011-08-30 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-08-29 Includes\TrojansC-02.sbi (*)
2011-08-09 Includes\TrojansC-03.sbi (*)
2011-08-30 Includes\TrojansC-04.sbi (*)
2011-08-29 Includes\TrojansC-05.sbi (*)
2011-08-23 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
DDS printout:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Run by FaithLives at 20:14:32 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2251 [GMT -5:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\3543285177:1187171628.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:53414
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: YTD Toolbar Helper: {c462528a-e3b6-4ffb-b639-51efbbb5b77d} - c:\program files\ytd toolbar\Toolbar32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: YTD Toolbar: {9b596622-fdda-4e28-97f8-998c522fa58e} - c:\program files\ytd toolbar\Toolbar32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [SpybotDeletingB7561] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD4028] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB7953] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD5214] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB7685] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD3042] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB1859] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD4786] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB2172] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD1504] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB2859] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD5129] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB4783] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD5698] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingB9635] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
uRunOnce: [SpybotDeletingD1901] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [SpybotDeletingA7673] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC7364] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA6926] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8798] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA420] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8037] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA6956] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8888] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA5979] command.com /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8208] cmd.exe /c del "c:\windows\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA4617] command.com /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC5067] cmd.exe /c del "c:\documents and settings\faithlives\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA493] command.com /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC4091] cmd.exe /c del "c:\documents and settings\localservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingA800] command.com /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mRunOnce: [SpybotDeletingC8212] cmd.exe /c del "c:\documents and settings\networkservice\local settings\temp\{E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb"
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282367932323
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{96DC3001-8A25-4D11-AE58-30FAFF6008BD} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BC9D836C-520A-43D9-AF31-12F11D12B751} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\faithlives\application data\mozilla\firefox\profiles\3luu9z50.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110513&user_guid=F47E801717CF4F169FA6A21E08FB25C7&machine_id=69f208bd564c5f5336effb21a89bc640&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53414
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\faithlives\application data\mozilla\firefox\profiles\3luu9z50.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-8-21 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-21 52872]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2011-4-30 16384]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2008-8-21 15448]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-21 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-21 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-21 243152]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-7-23 16400]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2008-6-25 11344]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-6-20 11360]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-8-21 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-8-21 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-8-21 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-8-21 26192]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-8-21 302472]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-21 921952]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-21 308136]
S2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-9-20 2331544]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-21 5897808]
S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\ivi foundation\visa\winnt\nivisa\niLxiDiscovery.exe [2008-6-20 129144]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\national instruments\shared\mdns responder\nimdnsResponder.exe [2008-6-18 192112]
S2 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-5-8 347648]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-8-21 30104]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2008-6-23 20104]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2011-7-23 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2011-7-23 21904]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2008-11-11 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2008-11-11 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2008-11-11 22608]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2008-9-4 16456]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2008-7-24 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-7-31 11336]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-6-13 11360]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2008-8-1 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-7-25 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-7-31 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-7-31 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2008-7-29 11352]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2008-6-13 11360]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-7-23 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-4-4 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-4-4 151683]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2008-7-23 11360]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2008-7-23 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2008-7-30 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2008-12-16 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2008-12-16 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2008-6-25 20568]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-7-30 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-8-7 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2008-7-30 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-7-30 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-7-31 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-7-25 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-7-25 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-7-28 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-7-24 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-7-31 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2008-6-20 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-6-20 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-7-31 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-7-31 11336]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-8-21 11520]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-08-29 23:50:46 -------- d-----w- c:\documents and settings\faithlives\application data\AVG
2011-08-29 19:51:44 -------- d-----w- c:\program files\AVAST Software
2011-08-29 19:51:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-08-29 19:39:45 -------- d-----w- C:\AVGTemp
2011-08-29 18:45:18 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-14 17:43:27 61440 ----a-r- c:\documents and settings\faithlives\application data\microsoft\installer\{5f33c9b4-ddcd-4061-874e-e471310aeaae}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2011-08-14 17:43:27 61440 ----a-r- c:\documents and settings\faithlives\application data\microsoft\installer\{5f33c9b4-ddcd-4061-874e-e471310aeaae}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2011-08-14 17:43:17 -------- d-----w- c:\program files\Serato
.
==================== Find3M ====================
.
2011-08-20 21:57:17 90112 ----a-w- c:\windows\DUMP7ba8.tmp
2006-05-03 17:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:15:06.96 ===============
shelf life
2011-09-04, 14:46
hi dillagent,
We can start with this:
Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
dillagent
2011-09-05, 03:53
Shelf life thank you for trying to help me...
show i downloaded and installed anti -malware like you said....install went fine...update went fine....started a full scan....looks like it starts then it just disappears....its not in processes or anything its just gone...when i try to run it again....error message from windows.....
"windows cannot access the specified device path or file. you may not have appropriate permission."
:(
shelf life
2011-09-05, 14:39
We will get another download to use. You can save it to your desktop.
Download this file. (http://download.bleepingcomputer.com/sUBs/MiniFixes/Inherit.exe)
Next using explorer, locate the Malwarebytes folder in C:/Program Files and locate mbam.exe icon inside the folder. drag and drop this (mbam.exe) icon right on top of the inherit.exe you saved to your desktop. Malwarebytes should then start up and run. Do the full scan.
dillagent
2011-09-06, 09:32
Shelf-life this is quite interesting:
I did what you asked. It came up with a dialog box saying
Finished!
OK
The ok was just a button.
shelf life
2011-09-06, 14:34
I left off that after you get the "ok" then try running Malwarebytes again.
If the shortcut on the desktop dosnt launch it then repeat what you did before by dragging the mbam.exe icon in C:/Program Files/Malwarebytes on to inherit.exe and after the "ok" double click the mbam.exe icon and see if it launches ok.
dillagent
2011-09-15, 07:19
Shelf-life,
Sorry i havent been able to follow up as i have been super busy. For now this PC stays mostly off the net cause i hate this virus....AVKillservice...but i see alot of people have it...too bad they didnt have something to fix it i mean they probably do...obviously you are helping me....but damn it seems like a bitch of a virus cause it still isnt working i have tried several times. Inherit works to the point where it says finished OK...CLick try to run it(scan) and it does the same thing (nothing).....what next?
shelf life
2011-09-16, 01:55
hi,
PC stays mostly off the net This is a good thing.
Try booting into safe mode, then use inherit. To reach safe mode you would tap the f8 key during a computer restart. Chose the first option from the list, safe mode. Log into your usual account.
While you are in safe mode you can do this to. you may want to copy/paste it into notepad and save it so you can find it in safe mode:
Click Start>Run then type %temp%
Hit OK. Delete all the files you can.
click Start>Run then type %windir%\temp
hit ok. delete all the files you can
Empty your Temp folders. Go to Start > Run and type:cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin
After the above if it works or not you can download combofix and run it. There is a guide to read first. You can read the guide on a different machine if you want to. Try running it after a normal boot up, if it gives problems try combofix in safe mode. Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
dillagent
2011-09-30, 01:01
Shelf Life I was out of town for a few weeks and never got to post....
I was able to fix the problem with last hints you gave......
However AVG still does not work.....any idea how this recent malware affected my pc behavior?
As u remember i had an AVGkillservice thing....any ideas?
shelf life
2011-09-30, 02:40
Its been awhile. We are making progress. Read the guide on using combofix and go ahead with running that. If you have to, you can run combofix in safe mode. Post its log.
dillagent
2011-09-30, 17:14
Shelflife Thanks for all your help! I need to make a donation to spybot! thank you
thank you thank you
shelf life
2011-10-01, 00:12
Ok your welcome. Did you run combofix? You can launch and update AVG now?
dillagent
2011-10-04, 00:22
Ok your welcome. Did you run combofix? You can launch and update AVG now?
I didnt run combofix....BECAUSE everything is working i dont want to mess with a good thing. AVG can update etc.....all is good....scans dont reveal any problems
shelf life
2011-10-05, 03:16
Thats good but the reason behind running combofix is to get a closer look for malware the other scans may not have detected. Malware is going deeper and deeper into the operating system and capable of hiding from scans.
dillagent
2011-10-05, 08:10
Thats good but the reason behind running combofix is to get a closer look for malware the other scans may not have detected. Malware is going deeper and deeper into the operating system and capable of hiding from scans.
where do i get this combofix....? i saw several places...which one is the horse's mouth?
shelf life
2011-10-05, 12:14
I guess I didnt post the link. There is a guide to read first. Read through the guide first then download combofix to your desktop and run it. Post the combofix log. The guide and download link:
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Combofix may not run with AVG installed. AVG flags some of its files as threats. You will have to uninstall AVG via the add/remove programs panel, reboot then run combofix. This is a problem because of AVG, not combofix.
Once we are done you can reinstall AVG.
dillagent
2011-10-06, 04:38
for combo fix
dillagent
2011-10-06, 04:40
i only see a Vista download for it....ill keep looking
shelf life
2011-10-07, 01:51
There is no link just for a Vista version if thats what you mean.
From the Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix):
At this time ComboFix can only run on the following Windows versions:
* Windows XP (32-bit only)
* Windows 2000 (32-bit only)
* Windows Vista (32-bit/64-bit)
* Windows 7 (32-bit/64-bit)
Under the topic "Using Combofix" you will find two download links.
Once you get it on your desktop, you may have to right click on the icon and chose "run as Admin" you can "allow" if you get the UAC (user account control) prompts. UAC is a "security" feature built into Vista. If its not turned on you wont get the prompts. If it is turned on then you will know what Iam talking about having seen it before.
dillagent
2011-10-20, 06:56
So a few different things.
My computer is somehow still infected.
After much delay, I decided to run Combofix. But first i uninstalled AVG. Well I did a google search, and just like before...my results got hijacked and i was redirected....so obviously i was cursing the air thinking i had it fixed!
Well anyway i managed to get combo fix and it ran...and found a
zeroaccess rootkit or something like that. I don't know...the dialog box was gone before i knew it. It did say DONT manually reboot. Let combo fix reboot. Now my computer is just sitting there. it hasn't rebooted....but there is no mouse and no icons or task bar.....so now what....?
shelf life
2011-10-21, 02:55
hi,
Its been a while. If you havent yet, just go ahead and reboot your machine back to the desktop. And we will go from there. FYI: Zeroaccess is a nasty kernel mode rootkit:
They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean its still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.
The best source for information on how to do this would be the computer manufacturers website.
Also until its clean, your computer shouldnt have any network connectivity. If your not sure how to stop this then I would just power it off when not in use.
----------------------------------------
To manually clean up the computer with current utilities proceed as follows:
Once your running again download and run TDSSkiller:
Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop
Double click to launch the utility. Vista and Windows 7 right click and "run as admin.." After it initializes click the start scan button.
"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
A report can also be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report
dillagent
2011-10-21, 03:22
So here is the combofix results
by the way combofix said it found stuff and removed it so im not sure if its been fixed or what i will do a spybot search again, should i run malware again as well as this TDSS killer thing?
----------------
tried to paste combofix results but it says its too big.....
i also tried to attach results and it says its also too big....
dillagent
2011-10-21, 03:54
Also my google results are not being hijacked anymore and spybot is not finding anything. Still run TDSS killer?
dillagent
2011-10-21, 20:59
I am happy to report, but don't know if i should be, that after running combo fix my pc seems to have been ridden of this root kit.
I went a step further to run TDSS killer and it found nothing. So should i rejoice or can that trip wire still be out there?
Thanks so much for your help shelf life!
dillagent
2011-10-21, 22:48
Now the only problem i have had since this whole thing started is that,
windows installer service doesnt run...
i cant run itunes.....
and trying to reinstall AVG leads to a similar error.....
i saw some trouble shooting tips that say remove Windows Visual C+++ redistributibal 2005 but then i get the Windows Installer service error....i dont know if this is related but i thought i would throw that out there since u know so much....
peace!
shelf life
2011-10-22, 00:14
ok good. Just post these sections (in red below) for now from the combofix log: If its to large, edit out one of the sections. Were you trying to run itunes or install it when you got the error.
-------------------------------------------------------------------------
ComboFix 11-08-11.03 - JD 08/11/2011 22:02:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.332 [GMT -4:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\John the Ripper
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_Ophcrack
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
2011-08-09 23:48 . 2011-08-09 23:48 -------- d-----w- c:\documents and settings\Local Settings\Application Data\AirCrack
2011-08-09 23:48 . 2011-08-09 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Angry IP-Scanner
2011-08-09 01:35 . 2011-08-10 01:32 -------- d-----w- c:\windows\system32\Kismet
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-07-06 23:52 . 2010-05-31 19:27 41272 ----a-w- c:\windows\system32\drivers\THC Hydra
dillagent
2011-10-22, 21:02
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_b93d32d3
-------\Legacy_Toolbar_Updater_Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-20 04:45 . 2008-08-14 10:04 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-10-20 04:45 . 2008-08-14 10:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-15 08:10 . 2011-10-15 08:10 -------- d-----w- c:\documents and settings\FaithLives\AppData
2011-10-15 08:10 . 2011-10-15 08:10 -------- d-----w- c:\documents and settings\FaithLives\Application Data\searchquband
2011-10-14 15:46 . 2011-10-14 15:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 19:01 . 2011-10-07 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-10-06 22:20 . 2011-10-19 23:57 -------- d-----w- c:\documents and settings\FaithLives\Application Data\searchqutoolbar
2011-10-06 22:20 . 2006-11-18 16:38 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2011-10-06 22:20 . 2011-10-06 22:20 -------- d-----w- c:\documents and settings\FaithLives\Application Data\FreeBurner
2011-10-06 22:20 . 2011-10-06 22:20 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2011-10-06 22:20 . 2008-09-25 02:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2011-10-06 22:20 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-10-06 22:20 . 2000-10-01 23:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-10-06 22:20 . 2000-05-22 19:58 115920 ----a-w- c:\windows\system32\msinet.OCX
2011-10-06 22:20 . 1999-03-25 23:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-10-06 22:20 . 1998-07-13 03:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2011-10-06 22:20 . 1998-07-13 03:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-10-06 22:20 . 1998-07-12 23:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-10-06 22:06 . 2011-10-06 22:16 -------- d-----w- c:\program files\Common Files\Akamai
2011-10-06 02:56 . 2011-10-19 23:27 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-06 02:43 . 2011-10-06 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-05 15:39 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-10-05 15:39 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-30 05:10 . 2011-09-30 05:10 -------- d-----w- c:\documents and settings\FaithLives\Application Data\AVG2012
2011-09-29 23:24 . 2011-10-06 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 23:43 . 2011-09-17 01:54 50112 --sha-w- c:\windows\system32\c_31312.nl_
2011-08-31 22:00 . 2011-09-05 01:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-20 21:57 . 2010-08-20 23:42 90112 ----a-w- c:\windows\DUMP7ba8.tmp
2011-08-14 17:43 . 2011-08-14 17:43 61440 ----a-r- c:\documents and settings\FaithLives\Application Data\Microsoft\Installer\{5F33C9B4-DDCD-4061-874E-E471310AEAAE}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2011-08-14 17:43 . 2011-08-14 17:43 61440 ----a-r- c:\documents and settings\FaithLives\Application Data\Microsoft\Installer\{5F33C9B4-DDCD-4061-874E-E471310AEAAE}\NewShortcut1_9046FC1E1C604E8F87F08E640274C274.exe
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2008-12-10 19:50 . 2008-12-10 19:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2011-10-04 05:38 . 2011-04-17 01:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 17:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\system32\nbDX.dll
dillagent
2011-10-22, 21:03
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\FaithLives\Application Data\78CA.276
c:\documents and settings\FaithLives\Favorites\Thumbs.db
c:\documents and settings\NetworkService\Application Data\78CA.276
C:\Install.exe
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\program files\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\uninstall.dat
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\.project
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\border-radius.htc
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\IE7Styles.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\poweredby-couponwinner.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.jsw
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
C:\Thumbs.db
c:\windows\$NtUninstallKB29713$
c:\windows\$NtUninstallKB29713$\1380394417
c:\windows\$NtUninstallKB29713$\3107795667\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB29713$\3107795667\L\akygdmgo
c:\windows\$NtUninstallKB29713$\3107795667\loader.tlb
c:\windows\$NtUninstallKB29713$\3107795667\U\@00000001
c:\windows\$NtUninstallKB29713$\3107795667\U\@000000c0
c:\windows\$NtUninstallKB29713$\3107795667\U\@000000cb
c:\windows\$NtUninstallKB29713$\3107795667\U\@000000cf
c:\windows\$NtUninstallKB29713$\3107795667\U\@80000000
c:\windows\$NtUninstallKB29713$\3107795667\U\@800000c0
c:\windows\$NtUninstallKB29713$\3107795667\U\@800000cb
c:\windows\$NtUninstallKB29713$\3107795667\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\system32\c_31312.nls
c:\windows\system32\d3d9caps.dat
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\msiexec.exe
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
dillagent
2011-10-22, 21:06
No install, i was just trying to run Itunes....it had previously worked.
At this point when i investigate things that arent working they all point to windows installer service.
The service doesnt even show up!
When i try to install the most recent windows installer.
I get an error message that tells me my service pack is up to date and i dont need to run it. However it doesnt even let me.
So i dont know what to do with that piece.
shelf life
2011-10-23, 01:05
Go to start>run and type in services.msc and click ok or enter.
Windows service panel will open, under the Name column find Windows Installer,
double click it and under the "start up type" make sure its set to "Manual" If its not: change it to manual then click apply/ok and reboot. If its already set to manual just close the windows and exit out.
Please post this section from your combofix log: ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
dillagent
2011-10-23, 01:49
Windows Installer does not show up in services. That is what i meant in the previous post when i was saying that it was missing.
Here is what u asked for.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\FaithLives\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SUFXV0ktWFpMVjItTllGTjMtUURQTUgtNFdGVFMtSg&inst=NzYtOTM1MjA4MzM5LVhPMzYrMS1UQjkrMi1OMUQrMS1QTCs5LUREVCs0MTY2NS1JOTArMS1ERDkwKzEtU1Q5MEFQUCsxLVZPUDkrMS1TVDEyT0krMS1FVUxBKzEtU1QxMkFQUCsx&prod=94&ver=2012.0.1809&mid=01312ffd6725a2eafdf8f2fdc65dedee-4baa18fb1f48eccd05a4a8a2a01284a1a85c9300" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave9"=Digi32.dll
"MIDI10"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FaithLives^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\FaithLives\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^FaithLives^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\FaithLives\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 22:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 12:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2006-06-29 22:34 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-09-23 11:31 2404704 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
2006-09-01 17:09 1880064 ----a-w- c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 06:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2009-07-27 18:44 236040 ----a-w- c:\windows\system32\DeltaIITray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 15:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niDevMon]
2008-07-28 15:24 106576 ----a-w- c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 21:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 21:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-08 04:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-24 16:55 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Documents and Settings\\FaithLives\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Mp3tag\\Mp3tag.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\edcast\\edcastStandalone.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [4/30/2011 9:03 PM 16384]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [8/21/2008 8:04 PM 15448]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [7/23/2011 10:05 PM 16400]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [6/25/2008 11:01 AM 11344]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [6/20/2008 9:27 PM 11360]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [8/21/2010 4:33 AM 302472]
S2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe --> c:\windows\system32\nipalsm.exe [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [5/8/2006 7:10 PM 347648]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [6/23/2008 6:11 PM 20104]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [7/23/2011 10:06 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [7/23/2011 10:06 PM 21904]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [11/11/2008 1:50 PM 26192]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [11/11/2008 1:52 PM 11344]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [11/11/2008 1:53 PM 22608]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [9/4/2008 6:04 PM 16456]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [7/24/2008 11:32 AM 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [7/31/2008 8:21 PM 11336]
S3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [6/13/2008 3:51 PM 11360]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [8/1/2008 12:30 PM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [7/25/2008 11:04 AM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [7/31/2008 8:21 PM 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [7/31/2008 8:21 PM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [7/29/2008 7:21 PM 11352]
S3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [6/13/2008 3:51 PM 11360]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [7/23/2008 1:00 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [4/4/2007 9:06 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [4/4/2007 9:06 AM 151683]
S3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [7/23/2008 12:54 PM 11360]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [7/23/2008 12:55 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [7/30/2008 9:58 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [12/16/2008 1:57 AM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [12/16/2008 1:55 AM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [6/25/2008 11:02 AM 20568]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [7/30/2008 4:26 AM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [8/7/2008 5:23 PM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [7/30/2008 9:59 AM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [7/30/2008 4:26 AM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [7/31/2008 8:21 PM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [7/25/2008 9:44 AM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [7/25/2008 9:44 AM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [7/28/2008 3:08 PM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [7/24/2008 5:38 PM 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [7/31/2008 8:21 PM 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [6/20/2008 9:28 PM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [6/20/2008 9:27 PM 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [7/31/2008 8:21 PM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [7/31/2008 8:21 PM 11336]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/21/2010 4:28 AM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NIPALK
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/421
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\FaithLives\Application Data\Mozilla\Firefox\Profiles\3luu9z50.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=421&sr=0&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53414
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
MSConfigStartUp-DigidesignMMERefresh - c:\program files\Digidesign\Drivers\MMERefresh.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Searchqu 0 MediaBar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 14:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
shelf life
2011-10-23, 02:54
Please check malwarebytes for updates and do a scan with it.
If you look in C: Windows/System32 do you see this file: msiexec.exe
dillagent
2011-10-25, 07:50
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8004
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
10/23/2011 10:27:15 AM
mbam-log-2011-10-23 (10-27-15).txt
Scan type: Full scan (C:\|)
Objects scanned: 360948
Time elapsed: 2 hour(s), 14 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Qoobox\quarantine\C\program files\startnow toolbar\startnowtoolbaruninstall.exe.vir (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP396\A0099936.exe (PUP.Zugo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0089497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0090497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0091497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0093501.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0094509.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP355\A0092497.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP356\A0095856.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP357\A0095934.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP357\A0095983.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP358\A0096067.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP358\A0096089.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP358\A0096099.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP359\A0096117.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP359\A0096136.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096150.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096195.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096207.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP360\A0096214.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP361\A0096239.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP361\A0096250.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP362\A0096303.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP362\A0096311.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP363\A0096317.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP363\A0096322.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP364\A0096330.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP364\A0096338.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP364\A0096352.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP365\A0096369.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP365\A0096381.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP365\A0096436.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP366\A0096491.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45585ace-32fb-47bb-97cc-bc63b5dbbaeb}\RP366\A0096509.ini (Backdoor.0Access) -> Quarantined and deleted successfully.
shelf life
2011-10-25, 22:48
ok thanks for the info. Can you post the rest of the combofix log. Everything after:((((((((((((( Reg Loading Points )))))))))))) or whatever will fit.
Lets get one more download also. Download this tool (http://anywhere.webrootcloudav.com/antizeroaccess.exe) to your desktop. Double click to start and follow the prompts. Post the log it generates on your desktop when its finished.
For the Windows installer problem: Are you good at following directions?
There are two methods here. (http://wiki.williams.edu/display/docs/Windows+XP+Repairing+Installer+Service)
dillagent
2011-10-26, 05:06
so that antiaccesszero came up with nothing...that seems good. also i may have fixed the windowsinstaller service thing i was able to reinstall AVG which i couldnt do before. Also itunes works now.....will get the combo fix info up but is it still necessary? wow...what an adventure this has been....
shelf life
2011-10-27, 02:35
Yes please post the rest of the combofix log.