• Registrarse
  • Iniciar sesión


  • Página 3 de 3 PrimeroPrimero 123
    Resultados 21 al 26 de 26

    Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

    YA LE HICE UN SCAN CON FRST A MI PC Y ME SALIO ESTO: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01 Ran by HP_Owner at 05-10-2012 08:21:22 Running from C:\Documents ...

    1. #21
      Usuario Avatar de JOHESA70
      Registrado
      jun 2012
      Ubicación
      BAJA CALIFORNIA
      Mensajes
      15

      Re: Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

      YA LE HICE UN SCAN CON FRST A MI PC Y ME SALIO ESTO:

      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2012 01
      Ran by HP_Owner at 05-10-2012 08:21:22
      Running from C:\Documents and Settings\HP_Owner\Desktop
      Service Pack 3 (X86) OS Language: English(US)
      Attention: Could not load system hive.
      Error: The process cannot access the file because it is being used by another process.
      ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


      ==================== One Month Created Files and Folders ========

      2012-10-05 08:20 - 2012-10-05 08:21 - 00000000 ____D C:\FRST
      2012-10-05 08:18 - 2012-10-05 08:18 - 00905956 ____A (Farbar) C:\Documents and Settings\HP_Owner\Desktop\FRST.exe
      2012-10-03 22:56 - 2012-10-03 22:58 - 00000000 ___SD C:\ComboFix
      2012-10-03 14:00 - 2012-10-03 14:00 - 00002129 ____A C:\Documents and Settings\HP_Owner\Desktop\FSS.txt
      2012-10-03 13:59 - 2012-10-03 13:59 - 00693265 ____A (Farbar) C:\Documents and Settings\HP_Owner\Desktop\FSS.exe
      2012-10-03 13:48 - 2012-10-03 13:48 - 00000000 ____D C:\_OTL
      2012-10-02 17:09 - 2012-10-02 17:09 - 00000000 ____D C:\Program Files\ESET
      2012-10-02 17:09 - 2012-10-02 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
      2012-10-02 16:58 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe
      2012-10-02 16:58 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
      2012-10-02 16:58 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
      2012-10-02 16:58 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
      2012-10-02 16:58 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
      2012-10-02 16:58 - 2000-08-30 17:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
      2012-10-02 16:58 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe
      2012-10-02 16:58 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe
      2012-10-02 16:58 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe
      2012-10-02 16:51 - 2012-10-02 16:58 - 00000000 ____D C:\Qoobox
      2012-10-02 16:47 - 2012-10-03 22:55 - 04761955 ____R (Swearware) C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
      2012-09-26 16:03 - 2012-09-26 16:03 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\ESET
      2012-09-25 17:35 - 2012-09-26 15:34 - 00013799 ____A C:\UsbFix.txt
      2012-09-25 16:24 - 2012-09-25 16:24 - 00000000 ____D C:\Windows\erdnt
      2012-09-25 16:08 - 2012-09-26 15:36 - 00000000 ____D C:\UsbFix
      2012-09-24 21:49 - 2012-09-24 21:49 - 01271879 ____A (El Desaparecido) C:\Documents and Settings\HP_Owner\Desktop\UsbFix.exe
      2012-09-24 11:30 - 2012-09-24 11:31 - 00015197 ____A C:\Windows\KB2744842-IE8.log
      2012-09-24 00:24 - 2012-09-24 00:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2736233$
      2012-09-24 00:20 - 2012-09-24 00:26 - 00007046 ____A C:\Windows\KB2736233.log
      2012-09-19 18:07 - 2012-09-23 20:01 - 00000795 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      2012-09-19 18:07 - 2012-09-23 20:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
      2012-09-19 18:07 - 2012-09-07 17:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

      ==================== 3 Months Modified Files ==================

      2012-10-05 08:18 - 2012-10-05 08:18 - 00905956 ____A (Farbar) C:\Documents and Settings\HP_Owner\Desktop\FRST.exe
      2012-10-05 08:17 - 2005-01-28 02:12 - 01178271 ____A C:\Windows\WindowsUpdate.log
      2012-10-05 08:14 - 2005-01-26 13:49 - 00000159 ____A C:\Windows\wiadebug.log
      2012-10-05 08:14 - 2005-01-26 13:49 - 00000049 ____A C:\Windows\wiaservc.log
      2012-10-05 08:13 - 2012-01-07 01:54 - 00000284 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3203083456-1318358853-1980352211-1009.job
      2012-10-05 08:13 - 2011-12-21 08:10 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      2012-10-05 08:13 - 2011-12-15 16:54 - 00000062 __ASH C:\Documents and Settings\HP_Owner\Local Settings\desktop.ini
      2012-10-05 08:13 - 2005-05-05 23:25 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
      2012-10-05 08:13 - 2005-05-05 23:25 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
      2012-10-05 08:13 - 2005-01-28 02:12 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
      2012-10-04 15:02 - 2011-12-15 16:54 - 00000178 ___SH C:\Documents and Settings\HP_Owner\ntuser.ini
      2012-10-04 15:02 - 2005-01-28 02:12 - 00032392 ____A C:\Windows\SchedLgU.Txt
      2012-10-04 14:46 - 2011-12-21 08:10 - 00001028 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
      2012-10-04 14:25 - 2012-06-04 10:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
      2012-10-04 14:23 - 2012-06-08 18:09 - 00004836 ____A C:\Windows\wmsetup.log
      2012-10-03 22:55 - 2012-10-02 16:47 - 04761955 ____R (Swearware) C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
      2012-10-03 14:00 - 2012-10-03 14:00 - 00002129 ____A C:\Documents and Settings\HP_Owner\Desktop\FSS.txt
      2012-10-03 13:59 - 2012-10-03 13:59 - 00693265 ____A (Farbar) C:\Documents and Settings\HP_Owner\Desktop\FSS.exe
      2012-10-02 17:14 - 2011-12-16 07:51 - 00125560 ____A C:\Documents and Settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2012-10-02 17:10 - 2012-06-12 16:52 - 00123096 ____A C:\Windows\setupapi.log
      2012-10-02 16:44 - 2005-01-26 21:56 - 00403920 ____A C:\Windows\System32\FNTCACHE.DAT
      2012-10-02 16:40 - 2005-01-28 02:04 - 00001158 ____A C:\Windows\System32\wpa.dbl
      2012-09-29 19:49 - 2011-12-21 08:11 - 00001824 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
      2012-09-26 15:34 - 2012-09-25 17:35 - 00013799 ____A C:\UsbFix.txt
      2012-09-25 16:25 - 2012-06-04 10:25 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
      2012-09-25 16:25 - 2011-12-21 08:10 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
      2012-09-25 16:02 - 2012-06-08 18:08 - 00000913 ____A C:\Windows\setupact.log
      2012-09-24 21:49 - 2012-09-24 21:49 - 01271879 ____A (El Desaparecido) C:\Documents and Settings\HP_Owner\Desktop\UsbFix.exe
      2012-09-24 11:31 - 2012-09-24 11:30 - 00015197 ____A C:\Windows\KB2744842-IE8.log
      2012-09-24 11:31 - 2012-06-12 16:54 - 00012581 ____A C:\Windows\updspapi.log
      2012-09-24 11:31 - 2012-06-12 16:53 - 00040113 ____A C:\Windows\tsoc.log
      2012-09-24 11:31 - 2012-06-12 16:53 - 00005814 ____A C:\Windows\ocmsn.log
      2012-09-24 11:31 - 2012-06-12 16:53 - 00005151 ____A C:\Windows\msgsocm.log
      2012-09-24 11:31 - 2012-06-12 16:53 - 00001374 ____A C:\Windows\imsins.log
      2012-09-24 11:31 - 2012-06-12 16:52 - 00104708 ____A C:\Windows\FaxSetup.log
      2012-09-24 11:31 - 2012-06-12 16:52 - 00050252 ____A C:\Windows\ocgen.log
      2012-09-24 11:31 - 2012-06-12 16:52 - 00034801 ____A C:\Windows\comsetup.log
      2012-09-24 11:31 - 2012-06-12 16:52 - 00021133 ____A C:\Windows\ntdtcsetup.log
      2012-09-24 11:31 - 2012-06-12 16:52 - 00016729 ____A C:\Windows\iis6.log
      2012-09-24 11:31 - 2011-12-18 09:35 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
      2012-09-24 00:26 - 2012-09-24 00:20 - 00007046 ____A C:\Windows\KB2736233.log
      2012-09-24 00:26 - 2012-06-12 16:53 - 00001374 ____A C:\Windows\imsins.BAK
      2012-09-23 20:01 - 2012-09-19 18:07 - 00000795 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      2012-09-23 19:40 - 2012-04-03 11:28 - 00002516 __ASH C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
      2012-09-07 17:04 - 2012-09-19 18:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
      2012-09-01 09:31 - 2005-01-27 21:31 - 00000281 ____N C:\boot.ini
      2012-09-01 09:31 - 2005-01-26 21:53 - 00000637 ____A C:\Windows\win.ini
      2012-09-01 09:31 - 2005-01-26 13:47 - 00000227 ____A C:\Windows\system.ini
      2012-08-30 22:55 - 2012-01-06 21:01 - 00065536 ____A C:\Windows\System32\config\OAlerts.evt
      2012-08-28 20:44 - 2011-12-18 09:46 - 11111424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
      2012-08-28 20:44 - 2009-03-08 05:39 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
      2012-08-28 20:24 - 2012-07-19 07:05 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
      2012-08-28 20:24 - 2012-01-10 14:04 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
      2012-08-28 20:10 - 2012-09-01 09:39 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
      2012-08-28 20:10 - 2012-09-01 09:39 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
      2012-08-28 20:09 - 2012-09-01 09:39 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
      2012-08-28 18:39 - 2012-07-19 07:05 - 00073728 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javacpl.cpl
      2012-08-28 08:14 - 2012-06-12 16:40 - 00521728 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
      2012-08-28 08:14 - 2011-12-18 09:46 - 02000384 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
      2012-08-28 08:14 - 2011-12-18 09:46 - 00743424 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
      2012-08-28 08:14 - 2011-12-18 09:46 - 00630272 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
      2012-08-28 08:14 - 2011-12-18 09:46 - 00247808 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
      2012-08-28 08:14 - 2011-12-18 09:46 - 00055296 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
      2012-08-28 08:14 - 2011-12-18 09:46 - 00012800 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
      2012-08-28 08:14 - 2009-03-08 05:32 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
      2012-08-28 08:14 - 2009-03-08 05:32 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
      2012-08-28 08:14 - 2009-03-08 05:31 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
      2012-08-28 08:14 - 2004-08-04 05:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
      2012-08-28 08:14 - 2004-08-04 05:00 - 00611840 ____N (Microsoft Corporation) C:\Windows\System32\mstime.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00611840 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
      2012-08-28 08:14 - 2004-08-04 05:00 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 06008832 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 06008832 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 01212416 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 00916992 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 00184320 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
      2012-08-28 08:14 - 2004-08-04 04:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
      2012-08-28 05:07 - 2004-08-04 05:00 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
      2012-08-28 05:07 - 2004-08-04 05:00 - 00174080 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
      2012-08-28 05:07 - 2004-08-04 05:00 - 00174080 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
      2012-08-27 15:33 - 2012-03-23 16:30 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
      2012-08-20 20:26 - 2012-08-20 20:26 - 00015378 ____A C:\Windows\KB2723135.log
      2012-08-20 20:23 - 2012-08-20 20:22 - 00015444 ____A C:\Windows\KB2731847.log
      2012-08-20 20:22 - 2012-08-20 20:21 - 00017867 ____A C:\Windows\KB2722913-IE8.log
      2012-08-20 20:22 - 2012-08-20 20:14 - 00018199 ____A C:\Windows\KB2712808.log
      2012-08-20 20:22 - 2012-08-20 20:13 - 00019391 ____A C:\Windows\KB2705219.log
      2012-07-29 16:55 - 2012-03-28 12:56 - 00001516 ____A C:\Documents and Settings\All Users\Desktop\Vuze.lnk
      2012-07-21 09:08 - 2012-01-07 01:54 - 00000292 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3203083456-1318358853-1980352211-1009.job
      2012-07-17 18:51 - 2012-07-17 18:51 - 00011357 ____A C:\Windows\KB2698365.log
      2012-07-17 18:47 - 2012-07-17 18:27 - 00014277 ____A C:\Windows\KB2719985.log
      2012-07-17 18:44 - 2012-07-17 18:44 - 00008539 ____A C:\Windows\KB2718523.log
      2012-07-17 18:44 - 2012-07-17 18:28 - 00013248 ____A C:\Windows\KB2655992.log
      2012-07-17 18:44 - 2012-07-17 18:28 - 00012914 ____A C:\Windows\KB2691442.log


      ==================== Bamital & volsnap Check =================

      C:\Windows\explorer.exe => MD5 is legit
      C:\Windows\System32\winlogon.exe => MD5 is legit
      C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\System32\services.exe => MD5 is legit
      C:\Windows\System32\User32.dll => MD5 is legit
      C:\Windows\System32\userinit.exe => MD5 is legit
      C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

      ==================== Restore Points (XP) =====================


      ==================== Memory info ===========================

      Percentage of memory in use: 24%
      Total physical RAM: 2039.48 MB
      Available physical RAM: 1539.01 MB
      Total Pagefile: 5389.48 MB
      Available Pagefile: 5084.45 MB
      Total Virtual: 2047.88 MB
      Available Virtual: 1994.93 MB

      ==================== Partitions =============================

      1 Drive c: (HP_PAVILION) (Fixed) (Total:142.08 GB) (Free:89.75 GB) NTFS ==>[Drive with boot components (Windows XP)]
      2 Drive d: (HP_RECOVERY) (Fixed) (Total:6.96 GB) (Free:1.25 GB) FAT32 ==>[Drive with boot components (Windows XP)]

      Disk ### Status Size Free Dyn Gpt
      -------- ---------- ------- ------- --- ---
      Disk 0 Online 149 GB 0 B

      Partitions of Disk 0:
      ===============

      Partition ### Type Size Offset
      ------------- ---------------- ------- -------
      Partition 1 Primary 7139 MB 32 KB
      Partition 2 Primary 142 GB 7139 MB
      =========================================================

      Disk: 0
      Partition 1
      Type : 0C
      Hidden: No
      Active: No

      Volume ### Ltr Label Fs Type Size Status Info
      ---------- --- ----------- ----- ---------- ------- --------- --------
      * Volume 2 D HP_RECOVERY FAT32 Partition 7139 MB Healthy
      =========================================================

      Disk: 0
      Partition 2
      Type : 07
      Hidden: No
      Active: Yes

      Volume ### Ltr Label Fs Type Size Status Info
      ---------- --- ----------- ----- ---------- ------- --------- --------
      * Volume 3 C HP_PAVILION NTFS Partition 142 GB Healthy System (partition with boot components)
      =========================================================
      ==================== End Of Log ============================

      QUE ES LO QUE SIGUE???, GRACIAS Y SALUDOS!!!

    2. #22
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.704

      Re: Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

      Buenas JOHESA70, por indicación de la compañera Sanmar.

      Vas a realizar estos pasos :

      Descarga el archivo adjunto a esta respuesta que se llama Cuatro_Ficheros.zip en tu escritorio.

      Extrae su contenido, te quedara en el escritorio una carpeta llamada Cuatro_Ficheros.

      Copia esa carpeta en la raíz del disco C: con lo que tendrás una carpeta en el disco de esta manera "C:\Cuatro_Ficheros."

      A continuación descarga >> BlitzBlank en el Escritorio.

      Con todos los programas cerrados, y para ejecutarlo, haces doble clic sobre BlitzBlank.exe.

      Se abrirá una ventana/mensaje, advirtiendo de lo poderosa que es la Herramienta, debes pulsar en "Aceptar".

      En la ventana/pestaña Script, copia y pega el contenido del siguiente texto (Se excluye la palabra código).

      Código:
      CopyFile: 
          c:\windows\system32\drivers\afd.sys c:\cuatro_ficheros\viejos\afd.sys
          c:\windows\system32\drivers\ipsec.sys c:\cuatro_ficheros\viejos\ipsec.sys
          c:\windows\system32\drivers\netbt.sys c:\cuatro_ficheros\viejos\netbt.sys
          c:\windows\system32\drivers\tcpip.sys c:\cuatro_ficheros\viejos\tcpip.sys
          c:\cuatro_ficheros\afd.sys c:\windows\system32\drivers\afd.sys
          c:\cuatro_ficheros\ipsec.sys c:\windows\system32\drivers\ipsec.sys
          c:\cuatro_ficheros\netbt.sys c:\windows\system32\drivers\netbt.sys
          c:\cuatro_ficheros\tcpip.sys c:\windows\system32\drivers\tcpip.sys
      Execute: 
          "ipconfig /flushdns"
          "ipconfig /renew"
          "shutdown -r -t 00"
      Presionar en >> "Execute Now", el programa solicitará Reiniciar, presionar en "Aceptar".

      Tardará unos minutos, y justo antes del reinicio de Windows, verás la herramienta trabajando.

      Cuando inicie Windows, y después de poner tu contraseña (en caso de que tuvieras que hacerlo), veras que Windows se cierra de nuevo y se Reinicia, esto es normal.

      Cuando inicie de nuevo Windows normalmente, debes buscar el reporte que se encuentra en C:\BlitzBlank.log y lo pegas en tu próxima respuesta.

      Después de pasar la herramienta, vuelve a pasar ComboFix siguiendo las indicaciones que te puso SanMar en el post #12

      Y también nos comentas como funciona ahora el proceso de ComboFix y si funciona pones el informe.

      Saludos, Javier.

      Última edición por @Javier_HF fecha: 10/10/12 a las 06:55:40 Razón: Retirar fiichero adjunto.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #23
      Usuario Avatar de JOHESA70
      Registrado
      jun 2012
      Ubicación
      BAJA CALIFORNIA
      Mensajes
      15

      Re: Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

      HOLA JAVIER!!!, YA REALICE EL PROCEDIMIENTO COMO ME INDICASTE Y ESTE ES EL LOG QUE ARROJO:


      BlitzBlank 1.0.0.32

      File/Registry Modification Engine native application
      CopyFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\afd.sys", destinationFile = "\??\c:\cuatro_ficheros\viejos\afd.sys"CopyFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\ipsec.sys", destinationFile = "\??\c:\cuatro_ficheros\viejos\ipsec.sys"CopyFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\netbt.sys", destinationFile = "\??\c:\cuatro_ficheros\viejos\netbt.sys"CopyFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\tcpip.sys", destinationFile = "\??\c:\cuatro_ficheros\viejos\tcpip.sys"CopyFileOnReboot: sourceFile = "\??\c:\cuatro_ficheros\afd.sys", destinationFile = "\??\c:\windows\system32\drivers\afd.sys"CopyFileOnReboot: sourceFile = "\??\c:\cuatro_ficheros\ipsec.sys", destinationFile = "\??\c:\windows\system32\drivers\ipsec.sys"CopyFileOnReboot: sourceFile = "\??\c:\cuatro_ficheros\netbt.sys", destinationFile = "\??\c:\windows\system32\drivers\netbt.sys"CopyFileOnReboot: sourceFile = "\??\c:\cuatro_ficheros\tcpip.sys", destinationFile = "\??\c:\windows\system32\drivers\tcpip.sys"LaunchOnReboot: launchName = "ipconfig /flushdns", commandLine = "ipconfig /flushdns"
      LaunchOnReboot: launchName = "ipconfig /renew", commandLine = "ipconfig /renew"
      LaunchOnReboot: launchName = "shutdown -r -t 00", commandLine = "shutdown -r -t 00"

      DESPUES CORRI EL CF COMO ME INDICO SANMAR Y ME SIGUE SALIENDO EL MISMO MENSAJE QUE COPIE EN EL POST 13!!!

      BENDICIONES Y SALUDOS!!!

    4. #24
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.704

      Re: Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

      Realiza estos pasos :

      Desinstala todas la versiones que tengas de Java >> Manual de JavaRa.

      Descarga y ejecuta >> Ccleaner.

      • Usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que te muestre como obsoletos.
      • Después usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).


      Ejecuta un análisis con ESET Online, al finalizar guardas el informe.

      Reinicia tu PC, y a continuación sigues con este paso :

      Descarga >> AT-Destroyer (Adwares/Toolbars-Destroyer) by @Infospyware.
      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Ejecuta AT-Destroyer. (Si usas Windows Vista o 7 Presiona clic derecho y selecciona "Ejecutar como Administrador.")
      • Aparecerá el Disclaimer, si estás de acuerdo, presiona SI para continuar.
      • Presiona sobre la opción 1 (Buscar y Destruir) para comenzar es escaneo.
      • AT-Destroyer desconectará el escritorio momentáneamente.
      • En caso de estar infectado, AT-Destroyer lo indicará con lineas rojas donde se haya encontrado la infección, sino, serán lineas verdes.
      • Una vez terminado el escaneo, podrás volver a ver el escritorio y se te abrirá un reporte, que deberás copiar en tu próxima respuesta comentando cómo funciona el sistema.(También lo puedes encontrar en C:\AT-Destroyer.log)
      • Inmediatamente debes Reiniciar el equipo.


      En tu próxima respuesta recuerda, ponernos los informes de Eset Online y AT-Destroyer.

      Saludos, Javier.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    5. #25
      Usuario Avatar de JOHESA70
      Registrado
      jun 2012
      Ubicación
      BAJA CALIFORNIA
      Mensajes
      15

      Re: Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

      HOLA OTRA VEZ!!!, ESPERO ESTES BIEN JAVIER, EJECUTE TODO LO QUE ME ACONSEJASTE ANTES Y ESTE ES EL LOG DE AT-DESTROYER:

      #################################################### A/T-Destroyer by InfoSpyware ############

      A/T-Destroyer 1.0.7 By Infospyware
      www.infospyware.com
      Fecha iniciada en el analisis Thu 10/11/2012
      Hora iniciada en el analisis 13:15:14.48
      Usuario Actual : [C:\Documents and Settings\HP_Owner]
      Sistema Operativo: Windows XP
      Service pack: 2
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 8.0.6001.18702
      Modo Actual: Modo Normal.
      Privilegios: [HP_Owner-Administrador]
      Versión Google Chrome:
      Versión Mozilla Firefox:

      ====== Servicios Eliminados By A/T-Destroyer ======




      ====== Claves Eliminadas By A/T-Destroyer ======




      ====== Archivos/Carpetas Eliminados By A/T-Destroyer ======


      C:\Program Files\Windows searchqu Toolbar\Datamngr
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\components
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\manifest.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\data
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
      C:\Program Files\Windows searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
      "C:\Program Files\Windows searchqu Toolbar"
      C:\Program Files\SearchCore for Browsers\SearchCore for Browsers
      C:\Program Files\SearchCore for Browsers\sysid.ini
      C:\Program Files\SearchCore for Browsers\uninstall.exe
      C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll
      C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\DnsBHO.dll
      "C:\Program Files\SearchCore for Browsers"
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\dtx.ini
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\geodata.xml
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\geoip.xml
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\guid.dat
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\log.txt
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\preferences.dat
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\stats.dat
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\uninstallIE.dat
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\version.xml
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weather
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weatherbutton_prefs.xml
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weather\29dcc30c46c4a16ee5aa734a33f534e4
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weather\b7974346827291993f35920e4c828c59
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weather\ea6a84e2beaf4d6ac5f77713d6f0c8c0
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weather\forecasts_cache.xml
      C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar\weather\observations_cache.xml
      "C:\Documents and Settings\HP_Owner\Application Data\searchqutoolbar"
      "C:\Documents and Settings\HP_Owner\Application Data\searchquband"
      C:\codec-info\codec_info.html
      "C:\codec-info"
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\1.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\4489.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\a.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\b.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\c.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\d.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\e.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\f.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\g.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\h.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\i.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\j.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\k.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\l.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\m.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\mru.xml
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\n.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\o.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\p.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\q.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\r.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\s.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\t.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\u.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\v.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\w.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\wlu.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\x.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\y.txt
      C:\Documents and Settings\HP_Owner\Application Data\PriceGong\Data\z.txt
      "C:\Documents and Settings\HP_Owner\Application Data\PriceGong"
      C:\Program Files\Conduit\Community Alerts
      C:\Program Files\Conduit\Community Alerts\Alert.dll
      "C:\Program Files\Conduit"
      C:\Documents and Settings\HP_Owner\WINDOWS\system
      "C:\Documents and Settings\HP_Owner\WINDOWS"


      ====== Información Extra ======


      -_-_-_-_-_-_-_-_ Configuraciones de internet Explorer -_-_-_-_-_-_-_-_
      "HKCU\Software\Microsoft\Internet Explorer\Main"
      -
      Start Page == http://www.google.com
      -
      Search Page == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
      -
      Local Page == C:\WINDOWS\system32\blank.htm
      -
      Default_Search_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
      -
      Default_Page_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop

      "HKLM\Software\Microsoft\Internet Explorer\Main"
      -
      Start Page == http://www.google.com
      -
      Search Page == http://go.microsoft.com/fwlink/?LinkId=54896
      -
      Local Page == C:\WINDOWS\system32\blank.htm
      -
      Default_Search_URL == http://go.microsoft.com/fwlink/?LinkId=54896
      -
      Default_Page_URL == http://go.microsoft.com/fwlink/?LinkId=69157


      "HKEY_USERS\S-1-5-21-2342909119-2949819624-1996319450-1009\Software\Microsoft\Internet Explorer\Main"
      -
      Start Page == http://www.google.com
      -
      Search Page == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
      -
      Local Page == C:\WINDOWS\system32\blank.htm
      -
      Default_Search_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
      -
      Default_Page_URL == http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop








      ======= EOF =======


      ESET ONLINE NO DETECTO NADA Y NO ARROJO LOG (ES ESTO CORRECTO???),

      SALUDOS!!!

    6. #26
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Spain.
      Mensajes
      21.704

      Re: Tengo un win32/dorkbot.b worm, alguien me puede ayudar???

      Cita Originalmente publicado por JOHESA70 Ver Mensaje
      ESET ONLINE NO DETECTO NADA Y NO ARROJO LOG (ES ESTO CORRECTO???),
      Si no detecta nada efectivamente no sale el log.

      Sistema Operativo: Windows XP
      Service pack: 2
      Arquitectura: Sistema operativo de 32 bits
      Versión Internet Explorer: 8.0.6001.18702
      Lo primero que debes hacer es actualizar tu windows, TODAVÍA TIENES el service pack 2, y hace muchooooooo tiempo que ya existe el service pack 3, esta situación es muy grave, ya que estas totalmente desprotegido por los muchos fallos de seguridad que tiene tu sistema operativo.

      Revisa desde windows update o descarga el SP3 desde aquí >> Download - Windows XP Service Pack 3 - Microsoft Download Center

      Cuando termines ya nos dices como ha ido.

      Saludos.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    Página 3 de 3 PrimeroPrimero 123