• Registrarse
  • Iniciar sesión


  • Resultados 1 al 8 de 8

    Troyano Patched_C.MIS en services.exe

    Hola a todos, A ver si me podéis echar una mano con este troyano. Mi antivirus AVG free detecta este troyano en el fichero services.exe y dice que lo mete en una lista blanca que ...

    1. #1
      Usuario Avatar de ZC-BBJB
      Registrado
      nov 2012
      Ubicación
      Barcelona
      Mensajes
      5

      Troyano Patched_C.MIS en services.exe

      Hola a todos,

      A ver si me podéis echar una mano con este troyano.

      Mi antivirus AVG free detecta este troyano en el fichero services.exe y dice que lo mete en una lista blanca que no se puede borrar. Es bastante molesto que cada X minutos vaya saliendo el mensajito de marras sin poder hacer nada.

      Alguna solución???????

      Gracias.

    2. #2
      Moderador.
      Avatar de @Tincho
      Registrado
      may 2008
      Ubicación
      Argentina
      Mensajes
      14.701

      Re: Troyano Patched_C.MIS en services.exe

      Buenas


      Realiza lo siguiente.


      1.-Descargá TDSSKiller a Tu escritorio.



      Ejecutá TDSSKiller tal cual lo indica Su manual.


      Cuando la Herramienta termine Su trabajo, Reiniciá el ordenador y conectate nuevamente a Internet.


      2.-Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

      • Desactiva temporalmente el Antivirus y/o Antispyware.
      • Cierra todas las ventanas abiertas.
      • Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
      • Cuando termine, generara un registro en C:\ComboFix.txt.
        • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
        • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.



      Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.
      • Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.Comentando como esta funcionado tu sistema.


      Volves con su reporte y Nos comentas como sigue el ordenador ahora.


      Saludos
      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    3. #3
      Usuario Avatar de ZC-BBJB
      Registrado
      nov 2012
      Ubicación
      Barcelona
      Mensajes
      5

      Re: Troyano Patched_C.MIS en services.exe

      Gracias por tu solución. He ejectuado todo el proceso y éste es el report que me da Combofix: (te lo pongo en 2 posts que no me deja más de 75000 caracteres).

      ComboFix 12-11-13.03 - Toni 14/11/2012 22:05:28.1.2 - x64
      Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.4094.2849 [GMT 1:00]
      Running from: c:\users\Toni\Desktop\ComboFix.exe
      AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\Windows Searchqu Toolbar
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\.project
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\border-radius.htc
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\IE7Styles.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\poweredby-couponwinner.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.jsw
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
      c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll
      c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
      c:\windows\assembly\GAC_32\Desktop.ini
      c:\windows\assembly\GAC_64\Desktop.ini
      c:\windows\assembly\tmp\U
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-14 21:12 . 2012-11-14 21:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
      2012-11-14 20:55 . 2012-11-14 20:55 -------- d-----w- C:\TDSSKiller_Quarantine
      2012-10-20 20:37 . 2012-10-28 21:20 -------- d-----w- c:\users\Toni\AppData\Roaming\.Torrent Stream
      2012-10-20 20:36 . 2012-10-20 20:38 -------- d-----w- c:\users\Toni\AppData\Roaming\TorrentStream
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-14 20:56 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
      2012-11-08 18:38 . 2012-07-29 18:50 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
      2012-10-29 18:52 . 2012-02-21 21:36 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
      2012-10-29 18:52 . 2012-02-21 21:36 35240 ----a-w- c:\windows\system32\LMIport.dll
      2012-10-29 18:52 . 2012-02-21 21:36 83880 ----a-w- c:\windows\system32\LMIinit.dll
      2012-08-18 20:46 . 2012-07-15 21:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-08-18 20:46 . 2011-07-19 20:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
      2012-11-08 18:38 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
      .
      [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
      "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
      "Spotify Web Helper"="c:\users\Toni\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-08 1199576]
      "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-22 39408]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
      "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
      "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320]
      "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-21 113664]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "mixer2"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders credssp.dll, UbwarrAqdinc.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 EverestDriver;FinalWire EVEREST Kernel Driver;d:\descargas\Software\everestcorporate-discontinued-build-2225-kbjd7s3vqn\kerneld.amd64 [2010-08-11 27296]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
      S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
      S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
      S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
      S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
      S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
      S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
      S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-19 254528]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
      S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2011-07-27 376400]
      S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
      S2 avgwd;WatchDog de AVG;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
      S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-29 375728]
      S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
      S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
      S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
      S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
      S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
      S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2007-02-07 1095168]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      iissvcs REG_MULTI_SZ w3svc was
      apphost REG_MULTI_SZ apphostsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 19:16]
      .
      2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 19:16]
      .
      2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129260629-2270616081-4198869538-1001Core.job
      - c:\users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 10:31]
      .
      2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2129260629-2270616081-4198869538-1001UA.job
      - c:\users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 10:31]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "C6501Sound"="c:\windows\Syswow64\C6501.cpl" [2007-02-06 6090752]
      "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
      "CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]
      "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uStart Page = hxxp://www.google.com/
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
      TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
      .

    4. #4
      Usuario Avatar de ZC-BBJB
      Registrado
      nov 2012
      Ubicación
      Barcelona
      Mensajes
      5

      Re: Troyano Patched_C.MIS en services.exe

      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
      BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
      Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
      Toolbar-10 - (no file)
      Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WIA6EB~1\Datamngr\DATAMN~1.EXE
      SafeBoot-21689683.sys
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      Toolbar-10 - (no file)
      WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
      AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
      AddRemove-Searchqu 0 MediaBar - c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
      "ImagePath"="\??\d:\descargas\Software\everestcorporate-discontinued-build-2225-kbjd7s3vqn\kerneld.amd64"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-2129260629-2270616081-4198869538-1001\Software\SecuROM\License information*]
      "datasecu"=hex:b6,fe,d5,8b,de,0c,28,0d,98,b4,77,0d,e0,0c,c5,8c,53,b4,3c,5d,18,
      69,c2,de,ab,99,c7,50,b6,8c,9b,09,58,72,a5,3a,dc,f3,54,a3,0f,e0,7d,d9,61,e3,\
      "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\windows\SysWOW64\PnkBstrA.exe
      c:\program files (x86)\AVG\AVG10\avgam.exe
      c:\windows\SysWOW64\rundll32.exe
      c:\windows\SysWOW64\rundll32.exe
      c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
      c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-14 22:20:21 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-14 21:20
      .
      Pre-Run: 21.673.197.568 bytes libres
      Post-Run: 21.964.890.112 bytes libres
      .
      - - End Of File - - 666A88350961AB7D57B8BA6C9177320C

    5. #5
      Moderador.
      Avatar de @Tincho
      Registrado
      may 2008
      Ubicación
      Argentina
      Mensajes
      14.701

      Re: Troyano Patched_C.MIS en services.exe

      Buenas.


      Como funciona tu PC ¿?


      Saludos.
      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    6. #6
      Usuario Avatar de ZC-BBJB
      Registrado
      nov 2012
      Ubicación
      Barcelona
      Mensajes
      5

      Re: Troyano Patched_C.MIS en services.exe

      De momento solamente he podido limpiar el virus tal y como me dijiste. No he tenido tiempo de probarlo a fondo. Tan pronto pueda testear el funcionamiento te digo.

      Como has visto los reports???? Ha quedado limpio???

    7. #7
      Moderador.
      Avatar de @Tincho
      Registrado
      may 2008
      Ubicación
      Argentina
      Mensajes
      14.701

      Re: Troyano Patched_C.MIS en services.exe

      Buenas.


      Correcto en lineas generales.


      Saludos.,
      Tyny's
      If on your journey, you should encounter God, God will be cut!

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    8. #8
      Usuario Avatar de ZC-BBJB
      Registrado
      nov 2012
      Ubicación
      Barcelona
      Mensajes
      5

      Re: Troyano Patched_C.MIS en services.exe

      Ya he podido testear algo más el PC y me parece que va más rápido. El AVG no ha vuelto a detectar ningún virus, así que entiendo que el tema ha sido resuelto.

      Muchísimas gracias por tu ayuda.