
    virus hj9ol0.exe


    1. #1
      dsclink (User) · Registered: Nov 2006 · Location: Spain · Posts: 8

      Annoying virus hj9ol0.exe

      Hello. I have had a problem with my PC for a couple of months, since the well-known virus with the police web page and the €100 showed up. Back then I removed the virus without any trouble, but about 2 weeks ago my computer was left with a completely black screen. I started the computer in safe mode and ran my antivirus, which detected several threats that I believe I removed, but now when I start the PC I get a Rundll error that says "Error al cargar C:\users\appData\Local\temp\hj9ol0.exe", and I keep getting a "server busy" message.

      Can you give me a hand getting rid of the virus?

      Many thanks

      David

    2. #2
      @Leosolari (General Moderator) · Registered: Jun 2007 · Location: Argentina · Posts: 58,637

      Re: virus hj9ol0.exe

      Hello dsclink

      Download and install the CCleaner tool following its manual.

      With this tool you are going to carry out the following actions:

      ° Go to its Cleaner tab, press Analyze, wait for it to finish completely and then press Run Cleaner to delete cookies, temporary Internet files and all the files it shows you as obsolete.

      ------------------------------------------------

      ° Go to its Registry tab and press Scan for Issues, wait for it to finish and then press Fix selected issues, to clean the whole Windows registry.

      ------------------------------------------------

      ° Go to its Tools tab (red circle) and press the Startup button (green oval).

      The panel listing the applications that start along with Windows will open.

      Go to the bottom right and press the Save to text file button (red arrow).

      A new dialog will open, showing that the file will be named Startup by default (red arrow). Choose the Desktop (green oval) as the destination and press the Save button (red rectangle).

      Done. Close CCleaner, go to your desktop, open that report, select everything, and copy and paste it into your next reply.

      Regards
      Follow us on Twitter and become our friend on Facebook.

    3. #3
      dsclink (User) · Registered: Nov 2006 · Location: Spain · Posts: 8

      Re: virus hj9ol0.exe

      This is the file. I had to run it in safe mode because when I restart the PC I get a black screen and cannot do anything.

      Si HKCU:Run eMuleAutoStart eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News... C:\Program Files\eMule\emule.exe -AutoStart
      Si HKCU:Run KiesPDLR Samsung Electronics CO., LTD. C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      Si HKCU:Run KiesPreload Samsung C:\Program Files\Samsung\Kies\Kies.exe /preload
      Si HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
      Si HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      Si HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint\Apoint.exe
      Si HKLM:Run AppleSyncNotifier Apple Inc. C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      Si HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      Si HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
      Si HKLM:Run DATAMNGR Bandoo Media, inc C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
      Si HKLM:Run ISBMgr.exe Sony Corporation "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
      Si HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
      Si HKLM:Run KiesTrayAgent Samsung Electronics Co., Ltd. C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
      Si HKLM:Run LogMeIn GUI LogMeIn, Inc. "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
      Si HKLM:Run McAfeeUpdaterUI McAfee, Inc. "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      Si HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      Si HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      Si HKLM:Run NvSvc Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      Si HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      Si HKLM:Run ShStatEXE McAfee, Inc. "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      Si HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      Si HKLM:Run Telefonica Al "C:\Program Files\Telefonica\bin\StartCmd.exe"
      Si HKLM:Run Windows Defender Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      Si HKLM:Run {599DCDF8-00AF-4422-A396-BE87EFF20F3E} F:\AT\asistente.exe C:\Users\ROBERT~1\AppData\Local\Temp\GLFE86D.tmp\settings.ini
      Si Startup Common BTTray.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      Si Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\Dropbox.exe
      Si Startup User hj8ol0.exe.lnk Microsoft Corporation C:\Windows\System32\rundll32.exe

    4. #4
      @Leosolari (General Moderator) · Registered: Jun 2007 · Location: Argentina · Posts: 58,637

      Re: virus hj9ol0.exe

      Hello again

      Run CCleaner again. Go to its Tools tab -- Startup and from there delete the following entries, one at a time:

      (To delete an entry, click on it and press the Delete Entry button)




      Si HKCU:Run eMuleAutoStart eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News... C:\Program Files\eMule\emule.exe -AutoStart
      Si HKCU:Run KiesPDLR Samsung Electronics CO., LTD. C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      Si HKCU:Run KiesPreload Samsung C:\Program Files\Samsung\Kies\Kies.exe /preload
      Si HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
      Si HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      Si HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\Apoint\Apoint.exe
      Si HKLM:Run AppleSyncNotifier Apple Inc. C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      Si HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"


      Si HKLM:Run DATAMNGR Bandoo Media, inc C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
      Si HKLM:Run ISBMgr.exe Sony Corporation "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
      Si HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
      Si HKLM:Run KiesTrayAgent Samsung Electronics Co., Ltd. C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
      Si HKLM:Run LogMeIn GUI LogMeIn, Inc. "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

      Si HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      Si HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      Si HKLM:Run NvSvc Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      Si HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      Si HKLM:Run ShStatEXE McAfee, Inc. "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      Si HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      Si HKLM:Run Telefonica Al "C:\Program Files\Telefonica\bin\StartCmd.exe"
      Si HKLM:Run Windows Defender Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      Si HKLM:Run {599DCDF8-00AF-4422-A396-BE87EFF20F3E} F:\AT\asistente.exe C:\Users\ROBERT~1\AppData\Local\Temp\GLFE86D.tmp\settings.ini
      Si Startup Common BTTray.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      Si Startup User Dropbox.lnk Dropbox, Inc. C:\Users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\Dropbox.exe
      Si Startup User hj8ol0.exe.lnk Microsoft Corporation C:\Windows\System32\rundll32.exe



      Once this is done, use CCleaner's Cleaner and Registry options again.

      Completely uninstall your AVG antivirus. Use the dedicated uninstall tool for this.

      NOTE: Do not download or install anything we have not asked you to, since you will temporarily be WITHOUT antivirus and you could get in the way of the cleanup work.

      Download the ComboFix.exe tool to your desktop.

      • Temporarily disable your antivirus and/or antispyware. (How to temporarily disable your antivirus)
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.

      Important notes:

      • While CF is working you must not move the mouse, as that would halt its process.
      • ComboFix may restart the PC automatically to complete the removal process.
      • Do not put the reports inside Code or HTML tags.

      Warning!! Do not use ComboFix unless a member of our staff has specifically told you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      The generated report is at C:\ComboFix.txt. Open it, select everything, and copy and paste it into your next reply.

      Let us know how the computer is doing now.

      Regards
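A way to pick out the entries in a startup listing like the one above that deserve a closer look, as an added Python example that is not part of the thread. It assumes the exported file is tab-separated with the columns enabled, location, name, publisher and command; the sample rows are constructed from lines posted in the thread, and the function names and flag labels are illustrative.

```python
import re
from typing import NamedTuple


class StartupEntry(NamedTuple):
    enabled: bool
    location: str
    name: str
    publisher: str
    command: str


# Constructed sample: five rows from the startup listing posted in the thread.
# The tab separator and the column boundaries are assumptions about the export.
_ROWS = [
    ("Si", "HKCU:Run", "Skype", "Skype Technologies S.A.",
     r'"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun'),
    ("Si", "HKLM:Run", "DATAMNGR", "Bandoo Media, inc",
     r"C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE"),
    ("Si", "HKLM:Run", "NvCplDaemon", "Microsoft Corporation",
     r"RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"),
    ("Si", "HKLM:Run", "{599DCDF8-00AF-4422-A396-BE87EFF20F3E}", "",
     r"F:\AT\asistente.exe C:\Users\ROBERT~1\AppData\Local\Temp\GLFE86D.tmp\settings.ini"),
    ("Si", "Startup User", "hj8ol0.exe.lnk", "Microsoft Corporation",
     r"C:\Windows\System32\rundll32.exe"),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in _ROWS)

TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
SHORT_NAME = re.compile(r"~\d")
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
EXE_LNK = re.compile(r"^(.+\.(?:exe|scr|bat|cmd))\.lnk$", re.I)
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)
SYSTEM_DIR = re.compile(r"\\windows\\(?:system32|syswow64)\\", re.I)


def parse_startup_export(text):
    """Split each five-column row into a StartupEntry; skip malformed rows."""
    entries = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) != 5:
            continue
        enabled = cols[0].lower() in ("si", "sí", "yes")
        entries.append(StartupEntry(enabled, *cols[1:]))
    return entries


def executable_of(command):
    """Return the program path at the start of a command line."""
    m = (re.match(r'\s*"([^"]+)"', command)
         or re.match(r"\s*(.+?\.exe)\b", command, re.I))
    return m.group(1) if m else command.split(" ")[0]


def triage(entry):
    """Return the review flags raised by one entry (empty list: none)."""
    reasons = []
    if GUID_NAME.match(entry.name):
        reasons.append("guid-value-name")
    if not entry.publisher:
        reasons.append("no-publisher")
    if TEMP_DIR.search(entry.command):
        reasons.append("temp-path")
    if SHORT_NAME.search(entry.command):
        reasons.append("short-8.3-path")
    # A shortcut named like a program should launch that program.
    lnk = EXE_LNK.match(entry.name)
    if lnk:
        target = executable_of(entry.command).rsplit("\\", 1)[-1]
        if target.lower() != lnk.group(1).lower():
            reasons.append("lnk-name-target-mismatch")
    # rundll32 is only a host; what matters is where the DLL it loads lives.
    dll = RUNDLL_DLL.search(entry.command)
    if dll and "\\" in dll.group(1) and not SYSTEM_DIR.search(dll.group(1)):
        reasons.append("rundll32-dll-outside-system32")
    return reasons


def flagged(text):
    """Map entry name -> flags for every enabled entry with at least one flag."""
    result = {}
    for entry in parse_startup_export(text):
        reasons = triage(entry)
        if entry.enabled and reasons:
            result[entry.name] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_EXPORT).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag is a prompt to inspect the entry, not a verdict: installers also write 8.3 short paths. In the listing the publisher column matches the launched binary, which is why the hj8ol0.exe.lnk shortcut that starts rundll32.exe appears under Microsoft Corporation.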

    5. #5
      dsclink (User) · Registered: Nov 2006 · Location: Spain · Posts: 8

      Re: virus hj9ol0.exe

      Hello Leosolari, and sorry for not having replied to your last message, but I am running into the odd little problem.

      As I told you, I cannot restart the computer in normal mode because I get a black screen that I am unable to get past. So I have to do everything in safe mode. And that, I think, is where my problem lies. When I followed your steps and uninstalled AVG, the system told me that I must restart the PC for the changes to take effect, but since I cannot restart it in normal mode, ComboFix keeps detecting AVG, because I fear the uninstall is not complete owing to the lack of a restart in normal mode. The program gives me the warning that there is an active antivirus, which is AVG, and I did not dare continue; but the situation now is that in normal mode I cannot do anything, and in safe mode it still detects the antivirus, so the only solution I can see is to take the direct route and run ComboFix come what may. In any case, since the program's notes say it should not be used without an expert's direction, I wanted to see whether you could guide me and tell me if this is the best or only solution.

      Thanks

      David

    6. #6
      @Leosolari (General Moderator) · Registered: Jun 2007 · Location: Argentina · Posts: 58,637

      Re: virus hj9ol0.exe

      Hello


      Go ahead with the ComboFix procedure anyway, even if it still detects AVG as installed ...

    7. #7
      dsclink (User) · Registered: Nov 2006 · Location: Spain · Posts: 8

      Re: virus hj9ol0.exe

      Leosolari;

      Here is the report. The truth is that the state of the PC has not improved at all.


      ComboFix 12-11-14.01 - Roberto Salamanca 14/11/2012 18:46:49.1.2 - x86 NETWORK
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.2046.1579 [GMT 1:00]
      Running from: c:\users\Roberto Salamanca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLID23UM\ComboFix.exe
      AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\0tbpw.pad
      c:\windows\system32\muzapp.exe
      G:\Autorun.inf
      .
      Infected copy of c:\windows\system32\ntdll.dll was found and disinfected
      Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!ntdll.dll
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-14 17:56 . 2012-11-14 18:05 -------- d-----w- c:\users\Roberto Salamanca\AppData\Local\temp
      2012-11-14 17:56 . 2012-11-14 17:56 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
      2012-11-14 17:56 . 2012-11-14 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-11-06 17:27 . 2012-11-06 17:27 -------- d-----w- c:\program files\CCleaner
      2012-11-04 09:31 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
      2012-11-04 09:31 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
      2012-11-04 09:31 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
      2012-11-04 09:30 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-11-04 09:30 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
      2012-11-04 09:29 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-11-04 09:29 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-11-04 09:10 . 2012-11-04 09:10 711240 ----a-w- c:\windows\is-3C9G4.exe
      2012-11-03 16:12 . 2012-11-03 16:12 -------- d-----w- c:\users\Roberto Salamanca\AppData\Roaming\TuneUp Software
      2012-11-03 16:06 . 2012-11-03 16:06 -------- d-----w- C:\$AVG
      2012-11-03 15:51 . 2012-11-03 15:51 -------- d--h--w- c:\programdata\Common Files
      2012-11-03 13:12 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{890382B7-32AE-4B03-8350-ED1465A8B335}\mpengine.dll
      2012-11-01 21:37 . 2012-11-01 21:38 -------- d-----w- c:\program files\GUMF121.tmp
      2012-11-01 21:37 . 2012-11-01 21:37 4096000 ----a-w- c:\program files\GUTF122.tmp
      2012-11-01 19:31 . 2012-11-04 02:31 -------- d-----w- c:\programdata\AVAST Software
      2012-11-01 19:31 . 2012-11-01 19:31 -------- d-----w- c:\program files\AVAST Software
      2012-11-01 12:20 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2012-11-01 12:20 . 2012-11-01 12:20 -------- d-----w- c:\program files\Panda Security
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-29 18:54 . 2012-08-31 20:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-08-31 21:31 . 2012-08-31 21:34 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
      2012-08-31 21:31 . 2011-10-10 19:10 473072 ----a-w- c:\windows\system32\deployJava1.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-07-17 136512]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "GrpConv"="grpconv -o" [X]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
      2007-07-12 06:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdb87a8f85ff59.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 19:32]
      .
      2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 19:32]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
      TCP: DhcpNameServer = 192.168.1.1
      FF - ProfilePath - c:\users\Roberto Salamanca\AppData\Roaming\Mozilla\Firefox\Profiles\3yw9p8u5.default\
      FF - prefs.js: browser.search.selectedEngine - Search Results
      FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
      FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=161&systemid=406&sr=0&q=
      FF - prefs.js: network.proxy.type - 0
      FF - ExtSQL: !HIDDEN! 2011-03-17 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-10 - (no file)
      HKLM-RunOnce-<NO NAME> - (no file)
      AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
      AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
      AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
      AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
      AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
      AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
      AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
      AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
      AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
      AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
      AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
      AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
      AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
      AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
      AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
      AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
      AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
      AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-11-14 19:07
      Windows 6.0.6002 Service Pack 2 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000a0
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(1716)
      c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      c:\windows\system32\btncopy.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\helppane.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-14 1954 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-14 18:10
      .
      Pre-Run: 106.195.274.752 bytes libres
      Post-Run: 106.144.022.528 bytes libres
      .
      - - End Of File - - F3C97C15155538438F726030ED4EE7D5

    8. #8
      @Leosolari (General Moderator) · Registered: Jun 2007 · Location: Argentina · Posts: 58,637

      Re: virus hj9ol0.exe

      Hello again


      Do the following:

      • Click START > RUN >
        • Type notepad.exe there and click OK
        • Now copy and paste the text from the box below into Notepad


      Code:
      KillAll::
      ClearJavaCache::
      Firefox::
      FF - ProfilePath - c:\users\Roberto Salamanca\AppData\Roaming\Mozilla\Firefox\Profiles\3yw9p8u5.default\
      FF - prefs.js: browser.search.selectedEngine - Search Results
      FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
      Folder::
      c:\progra~1\SEARCH~1\Datamngr
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "GrpConv"=-
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=-


      • Save this file with the name CFScript.txt
      • Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the screenshot below.

      • ComboFix will start running again. When it finishes it will generate a new report, which you will need to paste into this same thread.

      After restarting, check how it is working and let us know.

      Regards
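A check on the AppInit_DLLs value that the script above clears, as an added Python example that is not part of the thread. AppInit_DLLs is a space- or comma-delimited list of DLLs loaded into every process that loads user32.dll, which is why its paths use 8.3 short names. The code reads that value from a ComboFix-style report and confirms that each DLL it names appears under "Other Deletions" in a follow-up report. Both excerpts are constructed from lines quoted in this thread (header bars shortened), and the function names are illustrative.

```python
import re

# Constructed excerpts: lines copied from the two ComboFix reports in the
# thread, trimmed to the parts this check needs.
FIRST_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-07-17 136512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
"""

SECOND_REPORT = r"""
((((((((((( Other Deletions )))))))))))
.
c:\progra~1\SEARCH~1\Datamngr
c:\progra~1\SEARCH~1\Datamngr\BrowserConnection.dll
c:\progra~1\SEARCH~1\Datamngr\datamngr.dll
c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PATH_RE = re.compile(r"^[a-z]:\\", re.I)
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def parse_loading_points(report):
    """Return {registry key: {value name: data}}, both names lower-cased."""
    keys, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1).lower(), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1).lower()] = value.group(2)
    return keys


def appinit_dlls(report):
    """Split the AppInit_DLLs data on spaces and commas into DLL paths."""
    data = parse_loading_points(report).get(APPINIT_KEY, {}).get("appinit_dlls", "")
    return [p for p in re.split(r"[ ,]+", data.replace('"', "")) if p]


def other_deletions(report):
    """Collect the paths listed in the report's 'Other Deletions' section."""
    paths, inside = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("(("):          # every section header starts with bars
            inside = "Other Deletions" in line
        elif inside and PATH_RE.match(line):
            paths.append(line)
    return paths


def removal_status(first_report, second_report):
    """Map each AppInit DLL from the first report to True if the second
    report lists it as deleted. Paths are compared as case-insensitive
    strings, so a long-name spelling of the same file would not match."""
    deleted = {p.lower() for p in other_deletions(second_report)}
    return {dll: dll.lower() in deleted for dll in appinit_dlls(first_report)}


if __name__ == "__main__":
    for dll, gone in removal_status(FIRST_REPORT, SECOND_REPORT).items():
        print(f"{'deleted' if gone else 'STILL LISTED'}  {dll}")
```

Deleting the files is only half of the cleanup: the registry value also has to be cleared, as the script's `"AppInit_DLLs"=-` line requests, or it keeps pointing at missing DLLs.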

    9. #9
      dsclink (User) · Registered: Nov 2006 · Location: Spain · Posts: 8

      Re: virus hj9ol0.exe

      Here is the new report

      KillAll::
      ClearJavaCache::
      Firefox::
      FF - ProfilePath - c:\users\Roberto Salamanca\AppData\Roaming\Mozilla\Firefox\Profiles\3yw9p8u5.default\
      FF - prefs.js: browser.search.selectedEngine - Search Results
      FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
      Folder::
      c:\progra~1\SEARCH~1\Datamngr
      Registry::
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "GrpConv"=-
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=-

      Shorter, but on restarting the PC, nothing: black screen. The difference is that now it tries to start and I get the following code: Malwarebytes anti-malware, and in the Shield_notify Icom window, the requested action could not be performed. Error code 2.

      When I accept this error code the screen stays black, but the ComboFix screen remains.

    10. #10
      dsclink (User) · Registered: Nov 2006 · Location: Spain · Posts: 8

      Re: virus hj9ol0.exe

      Leosolari;

      I am correcting my own message because I got ahead of myself. The PC has restarted and ComboFix has generated the following report;

      ComboFix 12-11-15.01 - Roberto Salamanca 15/11/2012 20:17:00.1.2 - x86 NETWORK
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.2046.1576 [GMT 1:00]
      Running from: c:\users\Roberto Salamanca\Desktop\ComboFix.exe
      Command switches used :: c:\users\Roberto Salamanca\Desktop\CFScript.txt
      AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
      SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\progra~1\SEARCH~1\Datamngr
      c:\progra~1\SEARCH~1\Datamngr\BrowserConnection.dll
      c:\progra~1\SEARCH~1\Datamngr\datamngr.dll
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rssback.gif
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search-over.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\settings.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\shopping.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin.xml
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\technorati.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\throbber.gif
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\translate.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\video.bmp
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.css
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\weather.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\web.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\yellow.gif
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\youtube.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\zoom.png
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\components\windowmediator.js
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\dtUser.exe
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\manifest.xml
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\searchquband.dll
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
      c:\progra~1\SEARCH~1\Datamngr\ToolBar\uninstall.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-15 19:24 . 2012-11-15 19:55 -------- d-----w- c:\users\Roberto Salamanca\AppData\Local\temp
      2012-11-15 19:24 . 2012-11-15 19:24 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
      2012-11-15 19:24 . 2012-11-15 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-11-06 17:27 . 2012-11-06 17:27 -------- d-----w- c:\program files\CCleaner
      2012-11-04 09:31 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
      2012-11-04 09:31 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
      2012-11-04 09:31 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
      2012-11-04 09:30 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
      2012-11-04 09:30 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
      2012-11-04 09:29 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-11-04 09:29 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-11-04 09:10 . 2012-11-04 09:10 711240 ----a-w- c:\windows\is-3C9G4.exe
      2012-11-03 16:12 . 2012-11-03 16:12 -------- d-----w- c:\users\Roberto Salamanca\AppData\Roaming\TuneUp Software
      2012-11-03 16:06 . 2012-11-03 16:06 -------- d-----w- C:\$AVG
      2012-11-03 15:51 . 2012-11-03 15:51 -------- d--h--w- c:\programdata\Common Files
      2012-11-01 21:37 . 2012-11-01 21:38 -------- d-----w- c:\program files\GUMF121.tmp
      2012-11-01 21:37 . 2012-11-01 21:37 4096000 ----a-w- c:\program files\GUTF122.tmp
      2012-11-01 19:31 . 2012-11-04 02:31 -------- d-----w- c:\programdata\AVAST Software
      2012-11-01 19:31 . 2012-11-01 19:31 -------- d-----w- c:\program files\AVAST Software
      2012-11-01 12:20 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2012-11-01 12:20 . 2012-11-01 12:20 -------- d-----w- c:\program files\Panda Security
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-17 01:32 . 2012-11-03 13:12 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{890382B7-32AE-4B03-8350-ED1465A8B335}\mpengine.dll
      2012-09-29 18:54 . 2012-08-31 20:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-08-31 21:31 . 2012-08-31 21:34 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
      2012-08-31 21:31 . 2011-10-10 19:10 473072 ----a-w- c:\windows\system32\deployJava1.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-02-18 05:12 94208 ----a-w- c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-07-17 136512]
      "AsistenteTecnico"="c:\program files\Telefonica\agent\common\snapins\AvisoDesinst.exe" [2012-11-07 53248]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
      2007-07-12 06:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
      @="Service"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdb87a8f85ff59.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 19:32]
      .
      2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 19:32]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
      TCP: DhcpNameServer = 192.168.1.1
      FF - ProfilePath - c:\users\Roberto Salamanca\AppData\Roaming\Mozilla\Firefox\Profiles\3yw9p8u5.default\
      FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=161&systemid=406&sr=0&q=
      FF - prefs.js: network.proxy.type - 0
      FF - ExtSQL: !HIDDEN! 2011-03-17 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-15 20:56
      Windows 6.0.6002 Service Pack 2 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000a0
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(3524)
      c:\users\Roberto Salamanca\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      c:\windows\system32\btncopy.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
      c:\program files\LogMeIn\x86\RaMaint.exe
      c:\program files\LogMeIn\x86\LogMeIn.exe
      c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
      c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
      c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe
      c:\program files\McAfee\Common Framework\FrameworkService.exe
      c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      c:\windows\system32\mfevtps.exe
      c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
      c:\program files\LogMeIn\x86\LogMeInSystray.exe
      c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
      c:\program files\Telefonica\bin\sprtsvc.exe
      c:\windows\system32\stacsv.exe
      c:\program files\McAfee\Common Framework\naPrdMgr.exe
      c:\program files\Sony\VAIO Event Service\VESMgr.exe
      c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      c:\windows\system32\WUDFHost.exe
      c:\windows\system32\DRIVERS\xaudio.exe
      c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
      c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
      c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
      c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      c:\program files\Sony\VAIO Power Management\SPMgr.exe
      c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
      c:\windows\system32\conime.exe
      c:\program files\McAfee\VirusScan Enterprise\ShStat.exe
      c:\program files\McAfee\Common Framework\McTray.exe
      c:\program files\Sony\VAIO Update Common\VUAgent.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-15 21:05:40 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-15 20:05
      ComboFix2.txt 2012-11-14 18:10
      .
      Pre-Run: 106.176.730.624 bytes libres
      Post-Run: 103.714.868.224 bytes libres
      .
      - - End Of File - - 88AF1324E20889644103D6AAB800F016

      One of the things I have been able to confirm is not working is Explorer or Mozilla, because in both it tells me that a registry entry has been previously deleted. To be honest, I have not tried the other programs.

      Regards
