
Have a "used" computer...but very slow. Is it infected?

Discussion in 'Virus & Other Malware Removal' started by 12FindersKeepers, Aug 11, 2012.

Thread Status:
Not open for further replies.
  1. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    At times when surfing the web I get redirected to this website called "searchnu.com/searchqu.com" when opening up a new tab, as well as some odd host.dll prompting at times to be enabled as an add-on... help please?


    SysInfo
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, 64 bit
    Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz, Intel64 Family 6 Model 22 Stepping 1
    Processor Count: 1
    RAM: 2012 Mb
    Graphics Card: Intel(R) G45/G43 Express Chipset, 782 Mb
    Hard Drives: C: Total - 291241 MB, Free - 248637 MB; D: Total - 14000 MB, Free - 7880 MB;
    Motherboard: Dell Inc., 018D1Y
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

    HijackThis.Log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:38:22 PM, on 8/11/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\Bandoo\BndCore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
    C:\Users\brandon\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: EpicPlay Games - {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - C:\Program Files (x86)\EpicPlay\epicPlayGames.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120116144105.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files (x86)\Bandoo\Bandoo.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 10310 bytes
     
  2. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    Yes, it's infected.

    Please download DDS by sUBs to your desktop from one of the following locations:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Disable any script blockers you may have, as they may interfere, and then double-click DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:

    DDS.txt
    Attach.txt


    Save them both to your desktop and then proceed on to the next step.

    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the PC during the scan as it may cause it to freeze.

    Please post the requested logs/reports, as follows:

    Copy and paste the contents of the DDS.txt file.
    Upload as an attachment the Attach.txt file.
    Copy and paste the contents of the ark.txt file.
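
Added example, not part of the thread or of any tool named in it: one way to triage the HijackThis log from the first post is to take the name from the reported redirect ("searchqu"), find the entries that mention it, and list every other load point that points into the same install directory. The function names and the rule that the first two directories under the drive form the install root are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: nine entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\Program Files (x86)\Bandoo\Bandoo.exe
"""

# HijackThis section codes that appear in the sample (browser and autostart load points).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run key autostart",
    "O20": "AppInit_DLLs",
    "O23": "Service",
}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# A Windows path ending in .dll or .exe; lazy so that space-separated
# AppInit_DLLs values are split into one match per file.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Turn 'Onn - ...' lines into dicts with the section code, body and file paths."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        paths = [p.lower() for p in PATH_RE.findall(body)]
        entries.append({"code": code, "body": body, "paths": paths})
    return entries


def install_root(path):
    """Assumed heuristic: drive plus the first two directories is the install root.

    Paths are compared literally. 8.3 short names such as PROGRA~2 cannot be
    expanded without the original filesystem, so a long-name and a short-name
    spelling of the same directory will not match each other.
    """
    return "\\".join(path.lower().split("\\")[:3])


def related_load_points(entries, keyword):
    """Map section code -> paths that share an install root with any entry
    whose text mentions the keyword taken from the reported symptom."""
    keyword = keyword.lower()
    roots = {
        install_root(p)
        for e in entries
        if keyword in e["body"].lower()
        for p in e["paths"]
    }
    hits = defaultdict(list)
    for e in entries:
        for p in e["paths"]:
            if install_root(p) in roots:
                hits[e["code"]].append(p)
    return dict(hits)


if __name__ == "__main__":
    found = related_load_points(parse_entries(SAMPLE_LOG), "searchqu")
    for code in sorted(found, key=lambda c: int(c[1:])):
        print(f"{code} ({SECTIONS.get(code, 'other')}):")
        for path in found[code]:
            print(f"    {path}")
```

On the sample this groups the Searchqu BHO and toolbar, the "Loader Class" BHO, the DATAMNGR Run entry and two of the three AppInit_DLLs values under one directory, which is the set of load points to review together rather than one at a time.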
     
  3. 12FindersKeepers

    12FindersKeepers Thread Starter

    Alright, how do I go about removing CD emulation programs? ...What are they exactly?
     
  4. 12FindersKeepers

    12FindersKeepers Thread Starter

    Alright, here are the first logs from DDS:

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by brandon at 19:27:28 on 2012-08-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1154 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Bandoo\Bandoo.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files (x86)\Bandoo\BndCore.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
    C:\Windows\system32\SearchProtocolHost.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = about:blank
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: EpicPlay Games: {56e4076b-a42b-4745-ba35-34da8ac4c2f2} - C:\Program Files (x86)\EpicPlay\epicPlayGames.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120116144105.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{2EDE879D-EE42-40A4-AC24-AC3ED51099D5} : DhcpNameServer = 192.168.7.254
    AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: EpicPlay Games: {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - C:\Program Files (x86)\EpicPlay\epicPlayGames.dll
    BHO-X64: EpicPlay Games - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120116144105.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: Loader Class: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
    BHO-X64: Bandoo IE Plugin - No File
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    AppInit_DLLs-X64: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-15 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-15 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-15 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-15 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-15 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-13 250056]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-07-14 20:29:54 -------- d-----w- C:\Nexon
    .
    ==================== Find3M ====================
    .
    2012-08-02 20:31:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-02 20:31:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 19:28:23.32 ===============

    Attach.txt is attached as instructed by the program.
     


  5. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT! Save ComboFix.exe to your Desktop

    Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click on ComboFix.exe & follow the prompts.

    Click on Yes to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  6. 12FindersKeepers

    12FindersKeepers Thread Starter

    Alright, here's the ComboFix log:

    ComboFix 12-08-13.01 - brandon 08/13/2012 14:47:44.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1180 [GMT -7:00]
    Running from: c:\users\brandon\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-13 21:55 . 2012-08-13 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-11 19:36 . 2012-08-11 19:36 -------- d-----w- c:\users\Rossana
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 20:31 . 2012-07-13 18:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 20:31 . 2011-05-14 23:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-13 07:01 . 2011-06-05 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-12 03:02 . 2012-07-13 07:06 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:30 . 2012-07-12 22:10 14165504 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 05:50 . 2012-07-12 22:09 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:50 . 2012-07-12 22:09 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:09 . 2012-07-12 22:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09 . 2012-07-12 22:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-02 22:19 . 2012-06-23 03:02 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 03:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-23 03:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 03:03 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 03:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-23 03:02 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-23 03:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-23 03:02 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-23 03:02 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 12:49 . 2012-07-13 06:59 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-13 06:59 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-13 06:59 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-13 06:59 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-13 06:59 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-13 06:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-13 06:59 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-13 06:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-13 06:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-13 06:59 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-13 06:59 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-13 06:59 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-13 06:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-13 06:59 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-13 06:59 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-13 06:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-13 06:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-13 06:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-13 06:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:38 . 2012-07-12 22:09 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:38 . 2012-07-12 22:09 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:37 . 2012-07-12 22:09 459216 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:27 . 2012-07-12 22:09 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:27 . 2012-07-12 22:09 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:48 . 2012-07-12 22:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:48 . 2012-07-12 22:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:47 . 2012-07-12 22:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:42 . 2012-07-12 22:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-15 1255736]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 20:31]
    .
    2012-04-30 c:\windows\Tasks\Norton Security Scan for brandon.job
    - c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2011-11-30 07:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-13 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-13 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-13 365592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.7.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
    "ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Bandoo\Bandoo.exe
    c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-13 15:02:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-13 22:02
    .
    Pre-Run: 261,158,281,216 bytes free
    Post-Run: 261,570,543,616 bytes free
    .
    - - End Of File - - A821487449047A39C0BC0175E0107D48

    The computer seems to be running a lot faster without pop-ups...thanks a lot! :D Also I tried running GMER but I had no results of any detected threats.
     
  7. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    Glad to hear that! Just a few more steps...

    The following programs should be uninstalled via Control Panel > Programs and Features:

    Bandoo
    Windows iLivid Toolbar




    Open Notepad and copy and paste the text in the quote box below into it:





    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
     
  8. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Alright here's the new combofix log:

    ComboFix 12-08-13.01 - brandon 08/13/2012 20:45:21.2.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1133 [GMT -7:00]
    Running from: c:\users\brandon\Desktop\ComboFix.exe
    Command switches used :: c:\users\brandon\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\downloadcom.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\dtxlogo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\ebay.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\email.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\email_on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\facebook.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\games.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred0.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred0_5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred1.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred1_5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred2.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred2_5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred3.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred3_5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred4.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred4_5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphred5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\graphredna.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\grey.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\ico-shield.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\icon_radio_png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\icon_seperator_png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\icon_twitter.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\icon_youtube.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\images.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\imesh.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\add.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\aol.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\blank.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\chevron.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\collapse.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\comcast.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\dtx.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\expand.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\found.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\gmail.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\highlight.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\imap.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\lock.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\modify.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\move.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\lichen.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo-about.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo-separator.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\logo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\mail.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\maps.bmp
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\modify-save.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\modify.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\modifyhot.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\music.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\news.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-main.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-weather.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\orange.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\pixsy.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\protect-id.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\radiobeta.ico
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\relatedlinks.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-collapse.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-delete.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-expand.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-feed.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-folder.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-found.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rss.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rssback.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search-over.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\search_button_png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\settings.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\shopping.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\skin.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\technorati.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\throbber.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\translate.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\video.bmp
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\vmn.css
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\vmn.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\weather.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\web.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\yellow.gif
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\youtube.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\chrome\skin\zoom.png
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\components\windowmediator.js
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\dtUser.exe
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\manifest.xml
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchquband.dll
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
    c:\progra~2\WI3C8A~1\Datamngr\ToolBar\uninstall.exe
    c:\progra~2\WI3C8A~1\Datamngr\x64\BrowserConnection.dll
    c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll
    c:\progra~2\WI3C8A~1\Datamngr\x64\datamngrUI.exe
    c:\progra~2\WI3C8A~1\Datamngr\x64\DnsBHO.dll
    c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
    c:\users\brandon\AppData\Local\Temp\{B8A859E4-4BD8-4CDE-A516-7C07B3F78F02}\fpb.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-14 03:54 . 2012-08-14 03:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-14 00:10 . 2012-08-14 00:10 -------- d-----w- c:\users\brandon\AppData\Roaming\Apple Computer
    2012-08-13 22:25 . 2012-08-13 22:25 -------- d-----w- c:\program files\Bonjour
    2012-08-13 22:25 . 2012-08-13 22:25 -------- d-----w- c:\program files (x86)\Bonjour
    2012-08-11 19:36 . 2012-08-11 19:36 -------- d-----w- c:\users\Rossana
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 20:31 . 2012-07-13 18:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 20:31 . 2011-05-14 23:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-13 07:01 . 2011-06-05 17:42 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-12 03:02 . 2012-07-13 07:06 3147264 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:30 . 2012-07-12 22:10 14165504 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 05:50 . 2012-07-12 22:09 2003968 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:50 . 2012-07-12 22:09 1880064 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:09 . 2012-07-12 22:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09 . 2012-07-12 22:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-02 22:19 . 2012-06-23 03:02 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 03:03 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-23 03:03 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 03:03 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 03:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-23 03:02 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-23 03:03 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-23 03:02 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-23 03:02 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 12:49 . 2012-07-13 06:59 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-13 06:59 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-13 06:59 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-13 06:59 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-13 06:59 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-13 06:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-13 06:59 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-13 06:59 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-13 06:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-13 06:59 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-13 06:59 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-13 06:59 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-13 06:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-13 06:59 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-13 06:59 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-13 06:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-13 06:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-13 06:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-13 06:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:38 . 2012-07-12 22:09 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:38 . 2012-07-12 22:09 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:37 . 2012-07-12 22:09 459216 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:27 . 2012-07-12 22:09 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:27 . 2012-07-12 22:09 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:48 . 2012-07-12 22:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:48 . 2012-07-12 22:09 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:47 . 2012-07-12 22:09 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:42 . 2012-07-12 22:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-13_21.57.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-08-31 06:05 . 2011-08-31 06:05 50536 c:\windows\SysWOW64\jdns_sd.dll
    + 2011-08-31 06:05 . 2011-08-31 06:05 73064 c:\windows\SysWOW64\dnssd.dll
    + 2011-08-31 06:05 . 2011-08-31 06:05 83816 c:\windows\SysWOW64\dns-sd.exe
    - 2009-07-14 04:54 . 2012-08-13 21:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-14 03:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-14 03:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-13 21:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-11 23:34 . 2012-08-14 03:42 42776 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-14 03:42 34774 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-05-15 12:19 . 2012-08-14 03:42 14012 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2197944498-1659953468-3839740700-1003_UserData.bin
    + 2011-08-31 06:05 . 2011-08-31 06:05 61288 c:\windows\system32\jdns_sd.dll
    - 2009-07-14 05:30 . 2012-08-13 21:41 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-08-13 22:25 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2012-04-25 19:11 . 2012-04-25 19:11 52736 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaapl64.sys
    + 2011-05-10 15:06 . 2011-05-10 15:06 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\netaapl64.sys
    + 2011-08-31 06:05 . 2011-08-31 06:05 85864 c:\windows\system32\dnssd.dll
    + 2011-08-31 06:05 . 2011-08-31 06:05 96104 c:\windows\system32\dns-sd.exe
    + 2009-07-14 04:46 . 2012-08-14 03:46 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-05-27 23:47 . 2012-08-13 22:30 3378 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-08-14 03:54 . 2012-08-14 03:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-13 21:56 . 2012-08-13 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-14 03:54 . 2012-08-14 03:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-13 21:56 . 2012-08-13 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-08-31 06:05 . 2011-08-31 06:05 178536 c:\windows\SysWOW64\dnssdX.dll
    - 2009-07-14 04:54 . 2012-08-13 21:43 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-14 03:38 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 02:36 . 2012-08-14 03:43 624162 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-13 21:51 624162 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-13 21:51 106538 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-14 03:43 106538 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:30 . 2012-08-13 22:25 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-08-13 21:41 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-08-13 22:25 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2012-08-13 21:41 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-08-31 06:05 . 2011-08-31 06:05 212840 c:\windows\system32\dnssdX.dll
    + 2009-07-14 05:01 . 2012-08-14 03:54 275584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-13 21:56 275584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-05-24 20:29 . 2012-05-24 20:29 236904 c:\windows\Installer\$PatchCache$\Managed\FAEB67A6F1D637247AB9AD48012A5EB6\5.2.0\OutlookChangeNotifierAddIn_x64.dll
    + 2012-05-24 20:29 . 2012-05-24 20:29 227176 c:\windows\Installer\$PatchCache$\Managed\FAEB67A6F1D637247AB9AD48012A5EB6\5.2.0\OutlookChangeNotifierAddIn.dll
    + 2012-04-25 19:11 . 2012-04-25 19:11 4547944 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_509d7a31d0ee45f2\usbaaplrc.dll
    + 2011-04-08 21:59 . 2011-04-08 21:59 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_bf785db627c6d127\wdfcoinstaller01009.dll
    + 2009-07-14 04:45 . 2012-08-14 00:12 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-07-13 18:10 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-08-12 02:22 . 2012-08-13 22:30 3077976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2197944498-1659953468-3839740700-1005-4096.dat
    + 2012-01-15 04:17 . 2012-08-14 03:54 8001995 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2197944498-1659953468-3839740700-1003-4096.dat
    - 2012-01-15 04:17 . 2012-08-13 21:43 8001995 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2197944498-1659953468-3839740700-1003-4096.dat
    + 2012-01-15 04:17 . 2012-08-14 03:38 2212324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2197944498-1659953468-3839740700-1003-12288.dat
    - 2012-01-15 04:17 . 2012-08-13 21:43 2212324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2197944498-1659953468-3839740700-1003-12288.dat
    + 2012-04-06 00:23 . 2012-04-06 00:23 2682368 c:\windows\Installer\19c151.msi
    - 2009-07-14 02:34 . 2012-08-13 20:16 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-08-14 03:52 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-05-25 01:34 . 2012-05-25 01:34 11071488 c:\windows\Installer\19c1af.msi
    + 2012-05-31 08:47 . 2012-05-31 08:47 20403200 c:\windows\Installer\19c0df.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-15 1255736]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 138752]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 20:31]
    .
    2012-04-30 c:\windows\Tasks\Norton Security Scan for brandon.job
    - c:\progra~2\NORTON~2\Engine\361~1.11\Nss.exe [2011-11-30 07:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-13 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-13 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-13 365592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.7.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
    "ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-13 21:02:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-14 04:02
    ComboFix2.txt 2012-08-13 22:02
    .
    Pre-Run: 261,510,615,040 bytes free
    Post-Run: 261,479,235,584 bytes free
    .
    - - End Of File - - 45F33195F79C913B1868E8D8F7979CDF

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:07:17 PM, on 8/13/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
    C:\Users\brandon\Desktop\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 6937 bytes
     
  9. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    How are things running now?
     
  10. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Fast and smooth...thank you! :)
     
  11. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,940
    You are welcome! :)
     
  12. 12FindersKeepers

    12FindersKeepers Thread Starter

    Joined:
    Apr 27, 2012
    Messages:
    84
    Oh, one last question:

    How do I go about removing the programs I installed to fix it? ;) Thanks so much!
     

Short URL to this thread: https://techguy.org/1064762