Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen Crashes


  • This topic is locked This topic is locked
31 replies to this topic

#1 purplehero

purplehero

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 02 February 2012 - 11:56 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by SYSTEM at 0:34:07 on 2012-02-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.2381 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\prxtbooVo.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {007df30f-0616-47c0-959c-0729a1c721f1} - c:\windows\system32\api-ms-win-core-interlocked-l1-1-032.dll
BHO: Shop to Win 9: {0095c290-a428-4bdd-b98c-e0a116f1c702} - c:\program files\shop to win 9\ShoppingBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Facetheme: {66d8fba6-d90f-40a9-ac55-84896f79ca69} - c:\program files\object\bho_project.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\common files\freecause\dca\dca-bho.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
BHO: 5cadb5c0: {ca42994c-1b1b-d732-98f6-e821b7e28b41} - c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\prxtbooVo.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\toolbar\bsdtxmltbpi.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_video_chat\prxtbooVo.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [ConexantAudioPatch] %ProgramFiles%\ConexantAudioPatch\Audioreset.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{05a8b730-c37c-4238-b746-135952927472}
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C} : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\0484F6D65643736323 : DhcpNameServer = 192.168.1.1 192.168.1.1 0.0.0.0
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\34F4850264255454027594649402D20264F4F44434F4552545 : DhcpNameServer = 10.1.12.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\34F6870235F6C6574796F6E637023547F62756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\34F6D607574756272556071696273456E6475627 : DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.17
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\4656661657C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\65438415A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1036047C-365C-4B28-95F5-D615F3DD2D4C}\D44707F5C4962627162797 : DhcpNameServer = 10.90.7.8 10.90.7.3
TCP: Interfaces\{CD0CC067-9BF2-4AF5-9293-E637C509B087} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll avgrsstx.dll,c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-26 243152]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-15 9216]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-8-13 859136]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-26 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-26 29584]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S1 MpKsl45e23819;MpKsl45e23819;c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsl45e23819.sys [2012-1-31 28752]
S1 MpKsleebc66c5;MpKsleebc66c5;c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsleebc66c5.sys [2012-1-31 28752]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-26 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-26 308136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S2 clr_optimization_v2.0.50727_3232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\windows\system32\bootstr32.exe [2011-6-18 764416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-14 135664]
S2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\igdumdx3232.exe --> c:\windows\system32\igdumdx3232.exe [?]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-27 185712]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-1-19 947528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-14 135664]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-8-13 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-13 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-8-13 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-16 1343400]
.
=============== Created Last 30 ================
.
2012-02-01 02:35:19 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsleebc66c5.sys
2012-02-01 02:09:16 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\MpKsl45e23819.sys
2012-02-01 02:09:03 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2582eda1-fbc0-46b0-ab66-f3fd9f4c0d06}\mpengine.dll
2012-01-31 23:50:56 -------- d-----w- c:\windows\system32\%LocalAppData%
.
==================== Find3M ====================
.
.
============= FINISH: 0:36:01.77 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 04 February 2012 - 01:32 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 07:58 AM

ComboFix 12-02-03.02 - SYSTEM 02/04/2012 1:55.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.2287 [GMT -5:00]
Running from: c:\windows\system32\config\systemprofile\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVG Antivirus 2011
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLiteSAAX.dll
c:\program files\ClickPotatoLite\bin\10.0.668.0\firefox\extensions\install.rdf
c:\program files\Drop Down Deals
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf
c:\program files\Object
c:\program files\Object\bho_project.dll
c:\program files\Object\ChromeAddon.pem
c:\program files\Object\chromeaddon\._included.js
c:\program files\Object\chromeaddon\background.html
c:\program files\Object\chromeaddon\included.js
c:\program files\Object\chromeaddon\manifest.json
c:\program files\Object\config.ini
c:\program files\Object\facetheme\build.sh
c:\program files\Object\facetheme\chrome.manifest
c:\program files\Object\facetheme\config_build.sh
c:\program files\Object\facetheme\content\.DS_Store
c:\program files\Object\facetheme\content\firefoxOverlay.xul
c:\program files\Object\facetheme\content\installid.js
c:\program files\Object\facetheme\content\overlay.js
c:\program files\Object\facetheme\content\sudoku.js
c:\program files\Object\facetheme\defaults\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\.DS_Store
c:\program files\Object\facetheme\defaults\preferences\sudoku.js
c:\program files\Object\facetheme\files
c:\program files\Object\facetheme\install.rdf
c:\program files\Object\facetheme\locale\.DS_Store
c:\program files\Object\facetheme\locale\en-US\.DS_Store
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd
c:\program files\Object\facetheme\locale\en-US\sudoku.properties
c:\program files\Object\facetheme\readme.txt
c:\program files\Object\facetheme\skin\overlay.css
c:\program files\Object\facetheme_uninstall.exe
c:\program files\Object\status.txt
c:\program files\Object\status2.txt
c:\program files\ScanQuery
c:\program files\ScanQuery\uninstall.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\program files\Shop to Win 9\ShOPpingbho.dll
c:\program files\ShoppingReport2
c:\program files\ShoppingReport2\Uninst.exec:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\programdata\ScanQuery
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Administrator\AppData\Roaming\ClickPotatoLite
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{efd2c3b3-2e14-4bfa-8524-311975dbea49}
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{efd2c3b3-2e14-4bfa-8524-311975dbea49}\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{efd2c3b3-2e14-4bfa-8524-311975dbea49}\chrome\xulcache.jar
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{efd2c3b3-2e14-4bfa-8524-311975dbea49}\defaults\preferences\xulcache.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{efd2c3b3-2e14-4bfa-8524-311975dbea49}\install.rdf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 07:18 . 2012-02-04 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-04 07:18 . 2012-02-04 07:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-03 21:03 . 2012-02-03 21:03 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl15e2470f.sys
2012-02-03 16:34 . 2012-02-03 16:34 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsla37a5140.sys
2012-02-03 04:39 . 2012-02-03 04:39 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl8a9c90e1.sys
2012-02-01 12:23 . 2012-02-01 12:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslc5b15200.sys
2012-02-01 02:35 . 2012-02-01 02:35 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsleebc66c5.sys
2012-02-01 02:09 . 2012-02-01 02:09 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl45e23819.sys
2012-02-01 02:09 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\mpengine.dll
2012-01-31 23:50 . 2012-01-31 23:50 -------- d-----w- c:\windows\system32\%LocalAppData%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{007DF30F-0616-47C0-959C-0729A1C721F1}]
2011-06-18 05:50 349696 ----a-w- c:\windows\System32\api-ms-win-core-interlocked-l1-1-032.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-01-19 20:10 81920 ----a-w- c:\program files\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-02-08 17:22 721840 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-01-18 13:05 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ooVoo_Video_Chat\prxtbooVo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files\oovootoolbar\oovootoolbarX.dll" [2011-01-19 81920]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [2011-01-18 87480]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\prxtbooVo.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-31 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ConexantAudioPatch"="c:\program files\ConexantAudioPatch\Audioreset.exe" [2009-09-02 214328]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-27 216400]
R1 cupmfyvf;cupmfyvf;c:\windows\system32\drivers\cupmfyvf.sys [x]
R1 dqqvnjgf;dqqvnjgf;c:\windows\system32\drivers\dqqvnjgf.sys [x]
R1 MpKsl15e2470f;MpKsl15e2470f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl15e2470f.sys [2012-02-03 28752]
R1 MpKsl1e71ded2;MpKsl1e71ded2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3212DB9-EA8B-4F85-BB66-C620AB2391D9}\MpKsl1e71ded2.sys [x]
R1 MpKsl20451edc;MpKsl20451edc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C50F501C-5640-48EE-99D4-FFD2CCA18D09}\MpKsl20451edc.sys [x]
R1 MpKsl20da145b;MpKsl20da145b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C50F501C-5640-48EE-99D4-FFD2CCA18D09}\MpKsl20da145b.sys [x]
R1 MpKsl23d87555;MpKsl23d87555;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A8F291B-E16D-4C21-A8A8-12E92229BFF4}\MpKsl23d87555.sys [x]
R1 MpKsl2769471e;MpKsl2769471e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E975EF7C-6C99-49FA-9750-040C8FADBE83}\MpKsl2769471e.sys [x]
R1 MpKsl2955b912;MpKsl2955b912;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C96D32F-14CB-4CC4-9ABC-42D60234FF2F}\MpKsl2955b912.sys [x]
R1 MpKsl2eaa8dc9;MpKsl2eaa8dc9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6294D5CF-6042-4384-9892-539B101BC007}\MpKsl2eaa8dc9.sys [x]
R1 MpKsl33688145;MpKsl33688145;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D158E7D5-BE8F-4896-9A66-A59B0BAF8234}\MpKsl33688145.sys [x]
R1 MpKsl3cc53adc;MpKsl3cc53adc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB118703-3F8D-4EF1-B7C3-1C998CA137C5}\MpKsl3cc53adc.sys [x]
R1 MpKsl3fa19fb0;MpKsl3fa19fb0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0B67BAA-824F-4183-A740-F2EA63FBEB19}\MpKsl3fa19fb0.sys [x]
R1 MpKsl426d44f5;MpKsl426d44f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E194081-A864-4E9C-9C76-95356FF809BD}\MpKsl426d44f5.sys [x]
R1 MpKsl45e23819;MpKsl45e23819;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl45e23819.sys [2012-02-01 28752]
R1 MpKsl4cfe7755;MpKsl4cfe7755;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F865C77-9339-42A9-AEF7-D4A5FAF31205}\MpKsl4cfe7755.sys [x]
R1 MpKsl4dc110f8;MpKsl4dc110f8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CE84459-491B-44D3-A7ED-DC9B8AC76967}\MpKsl4dc110f8.sys [x]
R1 MpKsl527cc119;MpKsl527cc119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl527cc119.sys [2012-02-01 28752]
R1 MpKsl54db6d97;MpKsl54db6d97;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E194081-A864-4E9C-9C76-95356FF809BD}\MpKsl54db6d97.sys [x]
R1 MpKsl5a81e4ba;MpKsl5a81e4ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C96D32F-14CB-4CC4-9ABC-42D60234FF2F}\MpKsl5a81e4ba.sys [x]
R1 MpKsl6e4a0dc6;MpKsl6e4a0dc6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98C18028-B700-49F6-94AA-E2DD61773CAC}\MpKsl6e4a0dc6.sys [x]
R1 MpKsl6f1bfd32;MpKsl6f1bfd32;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E21592A-D84A-41F2-8EF3-49EBBF48B225}\MpKsl6f1bfd32.sys [x]
R1 MpKsl6fed662a;MpKsl6fed662a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F865C77-9339-42A9-AEF7-D4A5FAF31205}\MpKsl6fed662a.sys [x]
R1 MpKsl72e71226;MpKsl72e71226;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C24BF591-9B33-4D20-ABD1-875A703EF44B}\MpKsl72e71226.sys [x]
R1 MpKsl7409bcf1;MpKsl7409bcf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7303645F-AC11-4F50-BD6C-63B73F798939}\MpKsl7409bcf1.sys [x]
R1 MpKsl76f1a1eb;MpKsl76f1a1eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE3BC3EE-613D-429A-93EB-97F1DF2CE00C}\MpKsl76f1a1eb.sys [x]
R1 MpKsl8a9c90e1;MpKsl8a9c90e1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl8a9c90e1.sys [2012-02-03 28752]
R1 MpKsl9003807a;MpKsl9003807a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99393D36-5ABC-4562-B450-08D28CE4CCE2}\MpKsl9003807a.sys [x]
R1 MpKsl9108edbe;MpKsl9108edbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0B67BAA-824F-4183-A740-F2EA63FBEB19}\MpKsl9108edbe.sys [x]
R1 MpKsl91ab1eb1;MpKsl91ab1eb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl91ab1eb1.sys [2012-02-03 28752]
R1 MpKsl9c404c1a;MpKsl9c404c1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ECBD958-ECC2-433B-AB11-5A288444E490}\MpKsl9c404c1a.sys [x]
R1 MpKsl9d8a8b02;MpKsl9d8a8b02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3129F08-51CE-42E6-94F9-9D6465F4E5D3}\MpKsl9d8a8b02.sys [x]
R1 MpKsl9e317c20;MpKsl9e317c20;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{99393D36-5ABC-4562-B450-08D28CE4CCE2}\MpKsl9e317c20.sys [x]
R1 MpKsla37a5140;MpKsla37a5140;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsla37a5140.sys [2012-02-03 28752]
R1 MpKslb0aff8b1;MpKslb0aff8b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56DD996C-617E-46E1-84A1-C1FAC581AB92}\MpKslb0aff8b1.sys [x]
R1 MpKslb29bf5ff;MpKslb29bf5ff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36177D76-B900-414A-AB5F-2EC21F8A954C}\MpKslb29bf5ff.sys [x]
R1 MpKslb464eb87;MpKslb464eb87;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A40BA2F-3743-4102-8B6B-D07DBB76F5AA}\MpKslb464eb87.sys [x]
R1 MpKslba159908;MpKslba159908;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{611A5193-49DD-47D8-ACA4-0B684B30E43F}\MpKslba159908.sys [x]
R1 MpKslc5b15200;MpKslc5b15200;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslc5b15200.sys [2012-02-01 28752]
R1 MpKslc6526e16;MpKslc6526e16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEC6D34B-6987-4564-8F13-7E79B1702D2D}\MpKslc6526e16.sys [x]
R1 MpKslc84dc89d;MpKslc84dc89d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB4B7E40-2FF6-4295-9EE7-DE0EF86C35A7}\MpKslc84dc89d.sys [x]
R1 MpKslcbab2ee7;MpKslcbab2ee7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5E429D1-457D-44A9-923C-31466E493C3F}\MpKslcbab2ee7.sys [x]
R1 MpKsld02a3318;MpKsld02a3318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED57DD26-89EB-4EF6-898B-0603025A7293}\MpKsld02a3318.sys [x]
R1 MpKsld381237e;MpKsld381237e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEC6D34B-6987-4564-8F13-7E79B1702D2D}\MpKsld381237e.sys [x]
R1 MpKsle5371904;MpKsle5371904;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0B67BAA-824F-4183-A740-F2EA63FBEB19}\MpKsle5371904.sys [x]
R1 MpKsleebc66c5;MpKsleebc66c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsleebc66c5.sys [2012-02-01 28752]
R1 MpKslef93a836;MpKslef93a836;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6DDBD99-9CC1-4333-8C42-A4F65BD7E249}\MpKslef93a836.sys [x]
R1 MpKslff970119;MpKslff970119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F865C77-9339-42A9-AEF7-D4A5FAF31205}\MpKslff970119.sys [x]
R1 psiystvy;psiystvy;c:\windows\system32\drivers\psiystvy.sys [x]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-27 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-27 308136]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 clr_optimization_v2.0.50727_3232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\windows\system32\bootstr32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 135664]
R2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\igdumdx3232.exe [x]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 135664]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1343400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 9216]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 20:37]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 20:37]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CA42994C-1B1B-D732-98F6-E821B7E28B41} - c:\programdata\api-ms-win-core-interlocked-l1-1-032.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
AddRemove-ScanQuery - c:\program files\ScanQuery\uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-04 02:29:33
ComboFix-quarantined-files.txt 2012-02-04 07:29
.
Pre-Run: 271,573,381,120 bytes free
Post-Run: 272,943,742,976 bytes free
.
- - End Of File - - C68052A45D8423CAC54314171FDBDE24

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 04 February 2012 - 12:01 PM

Greetings

I need you to give me a little bit of feedback after each step so I can have an idea of how the computer is doing

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files\ConduitEngine
c:\progra~1\BEARSH~1\MediaBar
c:\program files\Drop Down Deals
c:\program files\Search Toolbar

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 02:56 PM

When I run combofix the program gets to the 4th stage before the computer crashes. I am running it in safe mode with networking.

#6 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 03:28 PM

I am also experiencing redirects in google chrome.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 04 February 2012 - 09:03 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 09:48 PM

This seemed to fix the computer somewhat. Since I restarted I have not experienced a blue screen crash. I am proceeding to run combofix.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 04 February 2012 - 09:55 PM

let me have both reports when it is done

tdsskiller and combofix


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 11:00 PM

ComboFix 12-02-05.01 - Administrator 02/04/2012 21:57:18.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2937.1506 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\BEARSH~1\MediaBar
c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll
c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngrUI.exe
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\chrome.manifest
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\FFBHO.js
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\overlay.js
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\overlay.xul
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\content\Settings.xml
c:\progra~1\BEARSH~1\MediaBar\Datamngr\FirefoxExtension\install.rdf
c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
c:\progra~1\BEARSH~1\MediaBar\del_DataMngrHlp_30.dll
c:\progra~1\BEARSH~1\MediaBar\del_DM_DLL_5.dll
c:\progra~1\BEARSH~1\MediaBar\del_DM_DLL_78.dll
c:\progra~1\BEARSH~1\MediaBar\del_DM_EXE_23.dll
c:\progra~1\BEARSH~1\MediaBar\del_DM_EXE_97.dll
c:\progra~1\BEARSH~1\MediaBar\del_IEBHO_74.dll
c:\progra~1\BEARSH~1\MediaBar\del_IEBHO_90.dll
c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsbandmltbpi.dll
c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\data\search\engines.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\data\search\search.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\imeshcode.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\about.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\external.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\imeshcode.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\nsDragAndDrop.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\rsspreview.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\rsswin.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\vmncode.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\neterror.xhtml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\preferences.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\template.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\toolbar.htm
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\toolbar.xul
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\vmncode.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\login.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\bg.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\index.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.4.3.min.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.event.wheel.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.scrollTo-min.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\js\youtube.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-off-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\tab-on-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\about_logo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\babylon_logo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\bluelite.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\bluesky.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\bs_logo_over_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\bs_logo_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn-search-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn-settings.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn-widgets.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\btn_settings.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\ca.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\dictionary.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\divider.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\downloadcom.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\dtxlogo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\ebay.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\ebay_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\email.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\email_on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\email_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\facebook.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\games.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred0.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred0_5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred1.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred1_5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred2.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred2_5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred3.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred3_5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred4.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred4_5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphred5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\graphredna.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\grey.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\ico-shield.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\icon_seperator_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\images.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\imesh.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\add.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\aol.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\blank.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\chevron.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\collapse.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\comcast.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\dtx.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\expand.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\found.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\gmail.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\highlight.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\imap.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\lock.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\modify.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\move.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\pop.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\reload.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\remove.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\rename.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\rss.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\search-go.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\lichen.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo-about.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo-separator.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo_about_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo_over_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo_over_t_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\logo_t_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\mail.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\maps.bmp
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\modify-save.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\modify.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\modifyhot.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\music.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\news.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-main.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-weather.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\orange.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\pixsy.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\protect-id.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\relatedlinks.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-collapse.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-delete.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-expand.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-feed.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-folder.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-found.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-reload.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rss.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rssback.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\rsstopback.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\search-over.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\search.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\search_button_over_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\search_button_png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\settings.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\shopping.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\siteinfo.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-grey.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-lichen.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-orange.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin-yellow.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\skin.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\technorati.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\throbber.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\translate.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\TRUSTe_about.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\video.bmp
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\vmn.css
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\vmn.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\weather.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\web.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\wikipedia.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\yahoosearch.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\yellow.gif
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\youtube.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\chrome\skin\zoom.png
c:\progra~1\BEARSH~1\MediaBar\ToolBar\components\windowmediator.js
c:\progra~1\BEARSH~1\MediaBar\ToolBar\manifest.xml
c:\progra~1\BEARSH~1\MediaBar\ToolBar\uninstall.exe
c:\progra~1\BEARSH~1\MediaBar\uninstall.exe
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{9692bdc3-ac8d-424f-890b-de1455000996}
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{9692bdc3-ac8d-424f-890b-de1455000996}\chrome.manifest
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{9692bdc3-ac8d-424f-890b-de1455000996}\chrome\xulcache.jar
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{9692bdc3-ac8d-424f-890b-de1455000996}\defaults\preferences\xulcache.js
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\extensions\{9692bdc3-ac8d-424f-890b-de1455000996}\install.rdf
c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 03:22 . 2012-02-05 03:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-05 03:22 . 2012-02-05 03:22 -------- d-----w- c:\users\User\AppData\Local\temp
2012-02-05 03:22 . 2012-02-05 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 03:22 . 2012-02-05 03:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBFFB332-BF12-4379-9955-1A3EC7B39E4F}\offreg.dll
2012-02-05 02:56 . 2012-02-05 02:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBFFB332-BF12-4379-9955-1A3EC7B39E4F}\MpKsleadad7cd.sys
2012-02-05 02:53 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBFFB332-BF12-4379-9955-1A3EC7B39E4F}\mpengine.dll
2012-02-05 02:09 . 2012-02-05 02:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-31 23:50 . 2012-01-31 23:50 -------- d-----w- c:\windows\system32\%LocalAppData%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 02:15 . 2010-09-27 00:40 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-02-01 02:06 . 2012-02-01 02:06 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-01 02:06 . 2012-02-01 02:06 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-01-31 12:44 . 2010-09-13 23:00 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\prxtbooVo.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-01-19 20:10 81920 ----a-w- c:\program files\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ooVoo_Video_Chat\prxtbooVo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files\oovootoolbar\oovootoolbarX.dll" [2011-01-19 81920]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\prxtbooVo.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-05-18 22631608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-20 484920]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-31 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-27 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ConexantAudioPatch"="c:\program files\ConexantAudioPatch\Audioreset.exe" [2009-09-02 214328]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-02-05 2076512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 cupmfyvf;cupmfyvf;c:\windows\system32\drivers\cupmfyvf.sys [x]
R1 dqqvnjgf;dqqvnjgf;c:\windows\system32\drivers\dqqvnjgf.sys [x]
R1 psiystvy;psiystvy;c:\windows\system32\drivers\psiystvy.sys [x]
R2 clr_optimization_v2.0.50727_3232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\windows\system32\bootstr32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 135664]
R2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\igdumdx3232.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-16 1343400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-27 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 MpKsleadad7cd;MpKsleadad7cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBFFB332-BF12-4379-9955-1A3EC7B39E4F}\MpKsleadad7cd.sys [2012-02-05 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-27 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-27 308136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 185712]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 9216]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-28 859136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 20:37]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 20:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dd66ce8a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Security Toolbar em:version=7.007.026.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: ooVoo Video Chat Community Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - %profile%\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
HKLM-Run-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-BearShare 2 MediaBar - c:\program files\BearShare Applications\MediaBar\uninstall.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{007DF30F-0616-47C0-959C-0729A1C721F1}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,ee,66,
1a,28,56,a6,0b,81,90,43,69,a3,87,60,ef
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,80,f8,1b,7c,ef,22,41,a0,81,e7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,80,f8,1b,7c,ef,22,41,a0,81,e7,\
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aif"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aifc"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.aiff"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cda"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="docxfile"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itls"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4a"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4e\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4v"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.mp2"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.mp3"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wav"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="BearShare.file"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3939391876-2342452737-2953235849-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\ThpSrv.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxext.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-04 22:35:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-05 03:35
ComboFix2.txt 2012-02-04 07:29
.
Pre-Run: 273,546,653,696 bytes free
Post-Run: 273,400,397,824 bytes free
.
- - End Of File - - BE88197149689B827743BE0060E4DCFC

#11 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 11:01 PM

21:07:12.0255 1728 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
21:07:12.0669 1728 ============================================================
21:07:12.0669 1728 Current date / time: 2012/02/04 21:07:12.0669
21:07:12.0669 1728 SystemInfo:
21:07:12.0669 1728
21:07:12.0669 1728 OS Version: 6.1.7600 ServicePack: 0.0
21:07:12.0669 1728 Product type: Workstation
21:07:12.0670 1728 ComputerName: USER-PC
21:07:12.0670 1728 UserName: Administrator
21:07:12.0670 1728 Windows directory: C:\windows
21:07:12.0670 1728 System windows directory: C:\windows
21:07:12.0670 1728 Processor architecture: Intel x86
21:07:12.0670 1728 Number of processors: 2
21:07:12.0670 1728 Page size: 0x1000
21:07:12.0670 1728 Boot type: Safe boot with network
21:07:12.0670 1728 ============================================================
21:07:13.0206 1728 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:07:13.0209 1728 \Device\Harddisk0\DR0:
21:07:13.0209 1728 MBR used
21:07:13.0209 1728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x24160800
21:07:13.0249 1728 Initialize success
21:07:13.0249 1728 ============================================================
21:07:17.0754 2912 ============================================================
21:07:17.0755 2912 Scan started
21:07:17.0755 2912 Mode: Manual;
21:07:17.0755 2912 ============================================================
21:07:20.0137 2912 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
21:07:20.0140 2912 1394ohci - ok
21:07:20.0298 2912 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
21:07:20.0302 2912 ACPI - ok
21:07:20.0434 2912 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
21:07:20.0435 2912 AcpiPmi - ok
21:07:20.0570 2912 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:07:20.0577 2912 adp94xx - ok
21:07:20.0701 2912 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:07:20.0705 2912 adpahci - ok
21:07:20.0825 2912 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:07:20.0830 2912 adpu320 - ok
21:07:20.0957 2912 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
21:07:20.0962 2912 AFD - ok
21:07:21.0070 2912 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
21:07:21.0072 2912 agp440 - ok
21:07:21.0184 2912 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:07:21.0186 2912 aic78xx - ok
21:07:21.0326 2912 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
21:07:21.0327 2912 aliide - ok
21:07:21.0463 2912 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
21:07:21.0464 2912 amdagp - ok
21:07:21.0607 2912 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
21:07:21.0609 2912 amdide - ok
21:07:21.0765 2912 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:07:21.0766 2912 AmdK8 - ok
21:07:21.0910 2912 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:07:21.0912 2912 AmdPPM - ok
21:07:22.0073 2912 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
21:07:22.0074 2912 amdsata - ok
21:07:22.0206 2912 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:07:22.0209 2912 amdsbs - ok
21:07:22.0343 2912 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
21:07:22.0344 2912 amdxata - ok
21:07:22.0462 2912 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
21:07:22.0464 2912 AppID - ok
21:07:22.0667 2912 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:07:22.0668 2912 arc - ok
21:07:22.0791 2912 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:07:22.0793 2912 arcsas - ok
21:07:22.0924 2912 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:07:22.0925 2912 AsyncMac - ok
21:07:23.0069 2912 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
21:07:23.0070 2912 atapi - ok
21:07:23.0301 2912 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys
21:07:23.0304 2912 AvgLdx86 - ok
21:07:23.0481 2912 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\windows\system32\Drivers\avgmfx86.sys
21:07:23.0482 2912 AvgMfx86 - ok
21:07:23.0638 2912 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\windows\system32\Drivers\avgtdix.sys
21:07:23.0641 2912 AvgTdiX - ok
21:07:23.0803 2912 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:07:23.0810 2912 b06bdrv - ok
21:07:23.0949 2912 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:07:23.0953 2912 b57nd60x - ok
21:07:24.0104 2912 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:07:24.0105 2912 Beep - ok
21:07:24.0228 2912 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:07:24.0230 2912 blbdrive - ok
21:07:24.0385 2912 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
21:07:24.0387 2912 bowser - ok
21:07:24.0494 2912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:07:24.0495 2912 BrFiltLo - ok
21:07:24.0594 2912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:07:24.0595 2912 BrFiltUp - ok
21:07:24.0696 2912 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
21:07:24.0698 2912 BridgeMP - ok
21:07:24.0841 2912 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:07:24.0845 2912 Brserid - ok
21:07:24.0974 2912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:07:24.0976 2912 BrSerWdm - ok
21:07:25.0129 2912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:07:25.0130 2912 BrUsbMdm - ok
21:07:25.0263 2912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:07:25.0264 2912 BrUsbSer - ok
21:07:25.0408 2912 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
21:07:25.0410 2912 BthEnum - ok
21:07:25.0542 2912 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:07:25.0544 2912 BTHMODEM - ok
21:07:25.0677 2912 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
21:07:25.0679 2912 BthPan - ok
21:07:25.0828 2912 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
21:07:25.0834 2912 BTHPORT - ok
21:07:25.0990 2912 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
21:07:25.0992 2912 BTHUSB - ok
21:07:26.0173 2912 catchme - ok
21:07:26.0300 2912 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:07:26.0302 2912 cdfs - ok
21:07:26.0442 2912 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
21:07:26.0444 2912 cdrom - ok
21:07:26.0573 2912 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:07:26.0574 2912 circlass - ok
21:07:26.0679 2912 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:07:26.0694 2912 CLFS - ok
21:07:26.0877 2912 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:07:26.0878 2912 CmBatt - ok
21:07:26.0987 2912 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
21:07:26.0988 2912 cmdide - ok
21:07:27.0106 2912 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
21:07:27.0112 2912 CNG - ok
21:07:27.0276 2912 CnxtHdAudService (2fbea8aaad105b93f1ef93f206664245) C:\windows\system32\drivers\CHDRT32.sys
21:07:27.0284 2912 CnxtHdAudService - ok
21:07:27.0454 2912 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:07:27.0456 2912 Compbatt - ok
21:07:27.0624 2912 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
21:07:27.0625 2912 CompositeBus - ok
21:07:27.0778 2912 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:07:27.0779 2912 crcdisk - ok
21:07:27.0947 2912 cupmfyvf - ok
21:07:28.0105 2912 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
21:07:28.0107 2912 DfsC - ok
21:07:28.0236 2912 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:07:28.0237 2912 discache - ok
21:07:28.0412 2912 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:07:28.0416 2912 Disk - ok
21:07:28.0536 2912 dqqvnjgf - ok
21:07:28.0663 2912 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:07:28.0664 2912 drmkaud - ok
21:07:28.0806 2912 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
21:07:28.0819 2912 DXGKrnl - ok
21:07:29.0020 2912 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:07:29.0089 2912 ebdrv - ok
21:07:29.0233 2912 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:07:29.0239 2912 elxstor - ok
21:07:29.0330 2912 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
21:07:29.0331 2912 ErrDev - ok
21:07:29.0510 2912 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:07:29.0513 2912 exfat - ok
21:07:29.0631 2912 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:07:29.0634 2912 fastfat - ok
21:07:29.0769 2912 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:07:29.0770 2912 fdc - ok
21:07:29.0897 2912 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:07:29.0899 2912 FileInfo - ok
21:07:30.0020 2912 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:07:30.0021 2912 Filetrace - ok
21:07:30.0127 2912 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:07:30.0128 2912 flpydisk - ok
21:07:30.0259 2912 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:07:30.0262 2912 FltMgr - ok
21:07:30.0380 2912 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:07:30.0382 2912 FsDepends - ok
21:07:30.0502 2912 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
21:07:30.0504 2912 Fs_Rec - ok
21:07:30.0634 2912 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
21:07:30.0638 2912 fvevol - ok
21:07:30.0768 2912 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:07:30.0770 2912 gagp30kx - ok
21:07:30.0924 2912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:07:30.0925 2912 GEARAspiWDM - ok
21:07:31.0085 2912 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:07:31.0086 2912 hcw85cir - ok
21:07:31.0232 2912 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
21:07:31.0236 2912 HdAudAddService - ok
21:07:31.0342 2912 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
21:07:31.0344 2912 HDAudBus - ok
21:07:31.0495 2912 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:07:31.0497 2912 HidBatt - ok
21:07:31.0611 2912 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:07:31.0613 2912 HidBth - ok
21:07:31.0735 2912 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:07:31.0737 2912 HidIr - ok
21:07:31.0870 2912 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
21:07:31.0871 2912 HidUsb - ok
21:07:32.0016 2912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
21:07:32.0018 2912 HpSAMD - ok
21:07:32.0150 2912 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
21:07:32.0157 2912 HTTP - ok
21:07:32.0279 2912 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
21:07:32.0280 2912 hwpolicy - ok
21:07:32.0493 2912 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
21:07:32.0495 2912 i8042prt - ok
21:07:32.0643 2912 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
21:07:32.0647 2912 iaStor - ok
21:07:32.0796 2912 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
21:07:32.0801 2912 iaStorV - ok
21:07:33.0115 2912 igfx (315aaaa2bc9bc778adc0454b3ca8dcce) C:\windows\system32\DRIVERS\igdkmd32.sys
21:07:33.0282 2912 igfx - ok
21:07:33.0416 2912 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:07:33.0418 2912 iirsp - ok
21:07:33.0566 2912 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys
21:07:33.0568 2912 IntcHdmiAddService - ok
21:07:33.0672 2912 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
21:07:33.0673 2912 intelide - ok
21:07:33.0794 2912 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:07:33.0795 2912 intelppm - ok
21:07:33.0908 2912 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:07:33.0910 2912 IpFilterDriver - ok
21:07:34.0065 2912 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
21:07:34.0067 2912 IPMIDRV - ok
21:07:34.0168 2912 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:07:34.0170 2912 IPNAT - ok
21:07:34.0283 2912 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:07:34.0284 2912 IRENUM - ok
21:07:34.0382 2912 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
21:07:34.0383 2912 isapnp - ok
21:07:34.0497 2912 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
21:07:34.0500 2912 iScsiPrt - ok
21:07:34.0606 2912 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
21:07:34.0607 2912 kbdclass - ok
21:07:34.0706 2912 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
21:07:34.0707 2912 kbdhid - ok
21:07:34.0840 2912 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
21:07:34.0842 2912 KSecDD - ok
21:07:34.0988 2912 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
21:07:34.0991 2912 KSecPkg - ok
21:07:35.0115 2912 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
21:07:35.0116 2912 L1C - ok
21:07:35.0263 2912 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:07:35.0265 2912 lltdio - ok
21:07:35.0456 2912 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:07:35.0460 2912 LSI_FC - ok
21:07:35.0602 2912 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:07:35.0604 2912 LSI_SAS - ok
21:07:35.0731 2912 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:07:35.0733 2912 LSI_SAS2 - ok
21:07:35.0845 2912 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:07:35.0847 2912 LSI_SCSI - ok
21:07:35.0976 2912 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:07:35.0977 2912 luafv - ok
21:07:36.0103 2912 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:07:36.0105 2912 megasas - ok
21:07:36.0245 2912 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:07:36.0249 2912 MegaSR - ok
21:07:36.0462 2912 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:07:36.0465 2912 Modem - ok
21:07:36.0575 2912 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:07:36.0576 2912 monitor - ok
21:07:36.0698 2912 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:07:36.0699 2912 mouclass - ok
21:07:36.0824 2912 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:07:36.0826 2912 mouhid - ok
21:07:36.0933 2912 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
21:07:36.0935 2912 mountmgr - ok
21:07:37.0058 2912 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
21:07:37.0061 2912 MpFilter - ok
21:07:37.0186 2912 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
21:07:37.0188 2912 mpio - ok
21:07:37.0340 2912 MpKsl020970a1 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl020970a1.sys
21:07:37.0341 2912 MpKsl020970a1 - ok
21:07:37.0491 2912 MpKsl0302f28d (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl0302f28d.sys
21:07:37.0492 2912 MpKsl0302f28d - ok
21:07:37.0655 2912 MpKsl15e2470f (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl15e2470f.sys
21:07:37.0657 2912 MpKsl15e2470f - ok
21:07:37.0789 2912 MpKsl1d74a8af (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl1d74a8af.sys
21:07:37.0790 2912 MpKsl1d74a8af - ok
21:07:37.0895 2912 MpKsl1e71ded2 - ok
21:07:37.0985 2912 MpKsl20451edc - ok
21:07:38.0008 2912 MpKsl20da145b - ok
21:07:38.0107 2912 MpKsl23d87555 - ok
21:07:38.0196 2912 MpKsl2769471e - ok
21:07:38.0312 2912 MpKsl2955b912 - ok
21:07:38.0379 2912 MpKsl2bb05487 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl2bb05487.sys
21:07:38.0380 2912 MpKsl2bb05487 - ok
21:07:38.0463 2912 MpKsl2eaa8dc9 - ok
21:07:38.0493 2912 MpKsl33688145 - ok
21:07:38.0618 2912 MpKsl3cc53adc - ok
21:07:38.0627 2912 MpKsl3fa19fb0 - ok
21:07:38.0669 2912 MpKsl426d44f5 - ok
21:07:38.0729 2912 MpKsl45e23819 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl45e23819.sys
21:07:38.0731 2912 MpKsl45e23819 - ok
21:07:38.0835 2912 MpKsl4cfe7755 - ok
21:07:38.0941 2912 MpKsl4dc110f8 - ok
21:07:39.0082 2912 MpKsl527cc119 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl527cc119.sys
21:07:39.0083 2912 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl527cc119.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
21:07:39.0083 2912 MpKsl527cc119 ( ForgedFile.Multi.Generic ) - warning
21:07:39.0083 2912 MpKsl527cc119 - detected ForgedFile.Multi.Generic (1)
21:07:39.0163 2912 MpKsl54db6d97 - ok
21:07:39.0240 2912 MpKsl5a81e4ba - ok
21:07:39.0320 2912 MpKsl5e2f1032 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl5e2f1032.sys
21:07:39.0321 2912 MpKsl5e2f1032 - ok
21:07:39.0400 2912 MpKsl6e4a0dc6 - ok
21:07:39.0496 2912 MpKsl6f1bfd32 - ok
21:07:39.0505 2912 MpKsl6fed662a - ok
21:07:39.0561 2912 MpKsl72e71226 - ok
21:07:39.0663 2912 MpKsl7409bcf1 - ok
21:07:39.0728 2912 MpKsl76f1a1eb - ok
21:07:39.0819 2912 MpKsl8a9c90e1 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl8a9c90e1.sys
21:07:39.0820 2912 MpKsl8a9c90e1 - ok
21:07:39.0929 2912 MpKsl9003807a - ok
21:07:39.0941 2912 MpKsl9108edbe - ok
21:07:40.0025 2912 MpKsl91ab1eb1 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl91ab1eb1.sys
21:07:40.0026 2912 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsl91ab1eb1.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
21:07:40.0027 2912 MpKsl91ab1eb1 ( ForgedFile.Multi.Generic ) - warning
21:07:40.0027 2912 MpKsl91ab1eb1 - detected ForgedFile.Multi.Generic (1)
21:07:40.0130 2912 MpKsl9c404c1a - ok
21:07:40.0218 2912 MpKsl9d8a8b02 - ok
21:07:40.0252 2912 MpKsl9e317c20 - ok
21:07:40.0344 2912 MpKsla37a5140 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsla37a5140.sys
21:07:40.0345 2912 MpKsla37a5140 - ok
21:07:40.0466 2912 MpKsla42e225b (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsla42e225b.sys
21:07:40.0467 2912 MpKsla42e225b - ok
21:07:40.0632 2912 MpKslab8235e2 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslab8235e2.sys
21:07:40.0633 2912 MpKslab8235e2 - ok
21:07:40.0707 2912 MpKslb0aff8b1 - ok
21:07:40.0772 2912 MpKslb29bf5ff - ok
21:07:40.0829 2912 MpKslb464eb87 - ok
21:07:40.0919 2912 MpKslba159908 - ok
21:07:41.0063 2912 MpKslc5b15200 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslc5b15200.sys
21:07:41.0064 2912 MpKslc5b15200 - ok
21:07:41.0141 2912 MpKslc6526e16 - ok
21:07:41.0241 2912 MpKslc84dc89d - ok
21:07:41.0312 2912 MpKslc9f63b9e (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslc9f63b9e.sys
21:07:41.0313 2912 MpKslc9f63b9e - ok
21:07:41.0421 2912 MpKslcbab2ee7 - ok
21:07:41.0492 2912 MpKsld02a3318 - ok
21:07:41.0563 2912 MpKsld381237e - ok
21:07:41.0682 2912 MpKsld5d2c503 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsld5d2c503.sys
21:07:41.0682 2912 MpKsld5d2c503 - ok
21:07:41.0723 2912 MpKsldfa9b4be (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsldfa9b4be.sys
21:07:41.0724 2912 MpKsldfa9b4be - ok
21:07:41.0818 2912 MpKsle5371904 - ok
21:07:41.0894 2912 MpKslea8564c8 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslea8564c8.sys
21:07:41.0895 2912 MpKslea8564c8 - ok
21:07:42.0021 2912 MpKsleebc66c5 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKsleebc66c5.sys
21:07:42.0022 2912 MpKsleebc66c5 - ok
21:07:42.0107 2912 MpKslef93a836 - ok
21:07:42.0176 2912 MpKslf57f4581 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslf57f4581.sys
21:07:42.0176 2912 MpKslf57f4581 - ok
21:07:42.0249 2912 MpKslf6240f27 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslf6240f27.sys
21:07:42.0251 2912 MpKslf6240f27 - ok
21:07:42.0318 2912 MpKslf74b408d (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslf74b408d.sys
21:07:42.0319 2912 MpKslf74b408d - ok
21:07:42.0469 2912 MpKslfcd8aeb3 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2582EDA1-FBC0-46B0-AB66-F3FD9F4C0D06}\MpKslfcd8aeb3.sys
21:07:42.0470 2912 MpKslfcd8aeb3 - ok
21:07:42.0540 2912 MpKslff970119 - ok
21:07:42.0661 2912 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\windows\system32\DRIVERS\MpNWMon.sys
21:07:42.0662 2912 MpNWMon - ok
21:07:42.0757 2912 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:07:42.0758 2912 mpsdrv - ok
21:07:42.0858 2912 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
21:07:42.0861 2912 MRxDAV - ok
21:07:42.0989 2912 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
21:07:42.0991 2912 mrxsmb - ok
21:07:43.0117 2912 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:07:43.0121 2912 mrxsmb10 - ok
21:07:43.0233 2912 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:07:43.0234 2912 mrxsmb20 - ok
21:07:43.0335 2912 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
21:07:43.0338 2912 msahci - ok
21:07:43.0490 2912 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
21:07:43.0493 2912 msdsm - ok
21:07:43.0635 2912 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:07:43.0636 2912 Msfs - ok
21:07:43.0781 2912 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:07:43.0781 2912 mshidkmdf - ok
21:07:43.0879 2912 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
21:07:43.0880 2912 msisadrv - ok
21:07:44.0008 2912 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:07:44.0009 2912 MSKSSRV - ok
21:07:44.0147 2912 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:07:44.0148 2912 MSPCLOCK - ok
21:07:44.0268 2912 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:07:44.0268 2912 MSPQM - ok
21:07:44.0383 2912 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:07:44.0385 2912 MsRPC - ok
21:07:44.0494 2912 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
21:07:44.0495 2912 mssmbios - ok
21:07:44.0602 2912 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:07:44.0603 2912 MSTEE - ok
21:07:44.0702 2912 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:07:44.0704 2912 MTConfig - ok
21:07:44.0818 2912 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:07:44.0820 2912 Mup - ok
21:07:44.0937 2912 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:07:44.0941 2912 NativeWifiP - ok
21:07:45.0065 2912 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
21:07:45.0075 2912 NDIS - ok
21:07:45.0191 2912 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:07:45.0193 2912 NdisCap - ok
21:07:45.0315 2912 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:07:45.0316 2912 NdisTapi - ok
21:07:45.0449 2912 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
21:07:45.0461 2912 Ndisuio - ok
21:07:45.0603 2912 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
21:07:45.0606 2912 NdisWan - ok
21:07:45.0710 2912 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
21:07:45.0712 2912 NDProxy - ok
21:07:45.0817 2912 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:07:45.0818 2912 NetBIOS - ok
21:07:45.0910 2912 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
21:07:45.0913 2912 NetBT - ok
21:07:46.0045 2912 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:07:46.0047 2912 nfrd960 - ok
21:07:46.0153 2912 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:07:46.0155 2912 NisDrv - ok
21:07:46.0262 2912 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:07:46.0263 2912 Npfs - ok
21:07:46.0372 2912 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:07:46.0373 2912 nsiproxy - ok
21:07:46.0508 2912 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
21:07:46.0527 2912 Ntfs - ok
21:07:46.0617 2912 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:07:46.0618 2912 Null - ok
21:07:46.0735 2912 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
21:07:46.0737 2912 nvraid - ok
21:07:46.0835 2912 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
21:07:46.0838 2912 nvstor - ok
21:07:46.0934 2912 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
21:07:46.0936 2912 nv_agp - ok
21:07:47.0039 2912 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
21:07:47.0040 2912 ohci1394 - ok
21:07:47.0193 2912 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:07:47.0195 2912 Parport - ok
21:07:47.0290 2912 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
21:07:47.0292 2912 partmgr - ok
21:07:47.0402 2912 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:07:47.0403 2912 Parvdm - ok
21:07:47.0574 2912 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
21:07:47.0577 2912 pci - ok
21:07:47.0681 2912 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
21:07:47.0682 2912 pciide - ok
21:07:47.0792 2912 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:07:47.0795 2912 pcmcia - ok
21:07:47.0894 2912 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:07:47.0896 2912 pcw - ok
21:07:48.0013 2912 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:07:48.0023 2912 PEAUTH - ok
21:07:48.0142 2912 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
21:07:48.0143 2912 PGEffect - ok
21:07:48.0287 2912 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:07:48.0290 2912 PptpMiniport - ok
21:07:48.0395 2912 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:07:48.0397 2912 Processor - ok
21:07:48.0534 2912 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:07:48.0535 2912 Psched - ok
21:07:48.0614 2912 psiystvy - ok
21:07:48.0734 2912 QIOMem (a0db243af3a2e427c172af2bba325473) C:\windows\system32\DRIVERS\QIOMem.sys
21:07:48.0735 2912 QIOMem - ok
21:07:48.0866 2912 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:07:48.0885 2912 ql2300 - ok
21:07:49.0003 2912 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:07:49.0005 2912 ql40xx - ok
21:07:49.0122 2912 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:07:49.0124 2912 QWAVEdrv - ok
21:07:49.0225 2912 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:07:49.0226 2912 RasAcd - ok
21:07:49.0349 2912 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:07:49.0350 2912 RasAgileVpn - ok
21:07:49.0542 2912 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:07:49.0544 2912 Rasl2tp - ok
21:07:49.0674 2912 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:07:49.0676 2912 RasPppoe - ok
21:07:49.0788 2912 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:07:49.0790 2912 RasSstp - ok
21:07:49.0897 2912 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
21:07:49.0901 2912 rdbss - ok
21:07:50.0006 2912 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:07:50.0007 2912 rdpbus - ok
21:07:50.0114 2912 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
21:07:50.0115 2912 RDPCDD - ok
21:07:50.0218 2912 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:07:50.0219 2912 RDPENCDD - ok
21:07:50.0319 2912 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:07:50.0320 2912 RDPREFMP - ok
21:07:50.0456 2912 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
21:07:50.0459 2912 RDPWD - ok
21:07:50.0567 2912 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
21:07:50.0570 2912 rdyboost - ok
21:07:50.0705 2912 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
21:07:50.0707 2912 RFCOMM - ok
21:07:50.0844 2912 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:07:50.0846 2912 rspndr - ok
21:07:50.0956 2912 RSUSBSTOR (31d45eca63884ff5f7aecc50f7d1bae0) C:\windows\system32\Drivers\RtsUStor.sys
21:07:50.0959 2912 RSUSBSTOR - ok
21:07:51.0085 2912 RTL8187Se (8df69ad5f515bc15d5c30666f56288aa) C:\windows\system32\DRIVERS\RTL8187Se.sys
21:07:51.0090 2912 RTL8187Se - ok
21:07:51.0226 2912 rtl8192se (fd0b1d3ce2e7debd0ae8456494d21488) C:\windows\system32\DRIVERS\rtl8192se.sys
21:07:51.0238 2912 rtl8192se - ok
21:07:51.0363 2912 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
21:07:51.0366 2912 sbp2port - ok
21:07:51.0540 2912 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
21:07:51.0541 2912 scfilter - ok
21:07:51.0659 2912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:07:51.0660 2912 secdrv - ok
21:07:51.0769 2912 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:07:51.0770 2912 Serenum - ok
21:07:51.0883 2912 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:07:51.0885 2912 Serial - ok
21:07:51.0994 2912 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:07:51.0995 2912 sermouse - ok
21:07:52.0128 2912 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
21:07:52.0129 2912 sffdisk - ok
21:07:52.0239 2912 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
21:07:52.0240 2912 sffp_mmc - ok
21:07:52.0340 2912 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
21:07:52.0342 2912 sffp_sd - ok
21:07:52.0462 2912 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:07:52.0465 2912 sfloppy - ok
21:07:52.0608 2912 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
21:07:52.0610 2912 sisagp - ok
21:07:52.0720 2912 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:07:52.0721 2912 SiSRaid2 - ok
21:07:52.0822 2912 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:07:52.0824 2912 SiSRaid4 - ok
21:07:52.0934 2912 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:07:52.0936 2912 Smb - ok
21:07:53.0075 2912 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:07:53.0076 2912 spldr - ok
21:07:53.0195 2912 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
21:07:53.0200 2912 srv - ok
21:07:53.0317 2912 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
21:07:53.0322 2912 srv2 - ok
21:07:53.0486 2912 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
21:07:53.0488 2912 srvnet - ok
21:07:53.0622 2912 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys
21:07:53.0624 2912 sscdbus - ok
21:07:53.0760 2912 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\windows\system32\DRIVERS\sscdmdfl.sys
21:07:53.0761 2912 sscdmdfl - ok
21:07:53.0895 2912 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\windows\system32\DRIVERS\sscdmdm.sys
21:07:53.0897 2912 sscdmdm - ok
21:07:54.0035 2912 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:07:54.0037 2912 stexstor - ok
21:07:54.0193 2912 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
21:07:54.0194 2912 swenum - ok
21:07:54.0346 2912 SynTP (3432d6a12fa5f0a7ea344d544ce2a1f9) C:\windows\system32\DRIVERS\SynTP.sys
21:07:54.0349 2912 SynTP - ok
21:07:54.0517 2912 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\drivers\tcpip.sys
21:07:54.0534 2912 Tcpip - ok
21:07:54.0669 2912 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\DRIVERS\tcpip.sys
21:07:54.0681 2912 TCPIP6 - ok
21:07:54.0808 2912 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
21:07:54.0809 2912 tcpipreg - ok
21:07:54.0940 2912 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:07:54.0941 2912 tdcmdpst - ok
21:07:55.0042 2912 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
21:07:55.0043 2912 TDPIPE - ok
21:07:55.0143 2912 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
21:07:55.0144 2912 TDTCP - ok
21:07:55.0245 2912 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
21:07:55.0247 2912 tdx - ok
21:07:55.0346 2912 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
21:07:55.0347 2912 TermDD - ok
21:07:55.0485 2912 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
21:07:55.0487 2912 Thpdrv - ok
21:07:55.0620 2912 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
21:07:55.0621 2912 Thpevm - ok
21:07:55.0800 2912 tosrfbd (b168b345fb7073930c31e0d8b85e8353) C:\windows\system32\DRIVERS\tosrfbd.sys
21:07:55.0804 2912 tosrfbd - ok
21:07:55.0904 2912 Tosrfcom - ok
21:07:56.0028 2912 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\windows\system32\DRIVERS\tosrfec.sys
21:07:56.0029 2912 tosrfec - ok
21:07:56.0142 2912 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\windows\system32\DRIVERS\Tosrfhid.sys
21:07:56.0144 2912 Tosrfhid - ok
21:07:56.0297 2912 Tosrfusb (f400fb9616261a1b66e6d2e04b6c3538) C:\windows\system32\DRIVERS\tosrfusb.sys
21:07:56.0299 2912 Tosrfusb - ok
21:07:56.0450 2912 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
21:07:56.0451 2912 tssecsrv - ok
21:07:56.0562 2912 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
21:07:56.0564 2912 tunnel - ok
21:07:56.0686 2912 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:07:56.0687 2912 TVALZ - ok
21:07:56.0797 2912 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
21:07:56.0798 2912 TVALZFL - ok
21:07:56.0909 2912 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:07:56.0911 2912 uagp35 - ok
21:07:57.0024 2912 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
21:07:57.0029 2912 udfs - ok
21:07:57.0140 2912 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
21:07:57.0142 2912 uliagpkx - ok
21:07:57.0261 2912 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
21:07:57.0263 2912 umbus - ok
21:07:57.0374 2912 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:07:57.0375 2912 UmPass - ok
21:07:57.0571 2912 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys
21:07:57.0575 2912 USBAAPL - ok
21:07:57.0686 2912 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
21:07:57.0688 2912 usbccgp - ok
21:07:57.0802 2912 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
21:07:57.0804 2912 usbcir - ok
21:07:57.0914 2912 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
21:07:57.0915 2912 usbehci - ok
21:07:58.0036 2912 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
21:07:58.0040 2912 usbhub - ok
21:07:58.0148 2912 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
21:07:58.0149 2912 usbohci - ok
21:07:58.0263 2912 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:07:58.0264 2912 usbprint - ok
21:07:58.0397 2912 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:07:58.0399 2912 usbscan - ok
21:07:58.0520 2912 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:07:58.0522 2912 USBSTOR - ok
21:07:58.0641 2912 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
21:07:58.0643 2912 usbuhci - ok
21:07:58.0756 2912 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
21:07:58.0758 2912 usbvideo - ok
21:07:58.0885 2912 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
21:07:58.0886 2912 vdrvroot - ok
21:07:58.0995 2912 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:07:58.0996 2912 vga - ok
21:07:59.0103 2912 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:07:59.0105 2912 VgaSave - ok
21:07:59.0213 2912 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
21:07:59.0216 2912 vhdmp - ok
21:07:59.0347 2912 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
21:07:59.0348 2912 viaagp - ok
21:07:59.0481 2912 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:07:59.0483 2912 ViaC7 - ok
21:07:59.0615 2912 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
21:07:59.0617 2912 viaide - ok
21:07:59.0719 2912 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
21:07:59.0721 2912 volmgr - ok
21:07:59.0833 2912 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:07:59.0838 2912 volmgrx - ok
21:07:59.0939 2912 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
21:07:59.0943 2912 volsnap - ok
21:08:00.0062 2912 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:08:00.0065 2912 vsmraid - ok
21:08:00.0167 2912 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:08:00.0168 2912 vwifibus - ok
21:08:00.0267 2912 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:08:00.0269 2912 vwififlt - ok
21:08:00.0407 2912 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
21:08:00.0408 2912 vwifimp - ok
21:08:00.0518 2912 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:08:00.0519 2912 WacomPen - ok
21:08:00.0622 2912 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
21:08:00.0626 2912 WANARP - ok
21:08:00.0636 2912 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
21:08:00.0637 2912 Wanarpv6 - ok
21:08:00.0777 2912 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:08:00.0778 2912 Wd - ok
21:08:00.0896 2912 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:08:00.0907 2912 Wdf01000 - ok
21:08:01.0050 2912 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:08:01.0051 2912 WfpLwf - ok
21:08:01.0151 2912 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:08:01.0152 2912 WIMMount - ok
21:08:01.0323 2912 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
21:08:01.0324 2912 WinUsb - ok
21:08:01.0461 2912 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
21:08:01.0462 2912 WmiAcpi - ok
21:08:01.0654 2912 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:08:01.0655 2912 ws2ifsl - ok
21:08:01.0775 2912 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
21:08:01.0777 2912 WudfPf - ok
21:08:01.0894 2912 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
21:08:01.0897 2912 WUDFRd - ok
21:08:01.0964 2912 MBR (0x1B8) (ef1fb3fbba60e54cf5e5a0c96abf6c5b) \Device\Harddisk0\DR0
21:08:01.0994 2912 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
21:08:01.0995 2912 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
21:08:02.0033 2912 Boot (0x1200) (97916e045ace4f5227df1e4315431c6b) \Device\Harddisk0\DR0\Partition0
21:08:02.0034 2912 \Device\Harddisk0\DR0\Partition0 - ok
21:08:02.0035 2912 ============================================================
21:08:02.0035 2912 Scan finished
21:08:02.0035 2912 ============================================================
21:08:02.0065 3672 Detected object count: 3
21:08:02.0065 3672 Actual detected object count: 3
21:09:20.0665 3672 MpKsl527cc119 ( ForgedFile.Multi.Generic ) - skipped by user
21:09:20.0665 3672 MpKsl527cc119 ( ForgedFile.Multi.Generic ) - User select action: Skip
21:09:20.0666 3672 MpKsl91ab1eb1 ( ForgedFile.Multi.Generic ) - skipped by user
21:09:20.0666 3672 MpKsl91ab1eb1 ( ForgedFile.Multi.Generic ) - User select action: Skip
21:09:20.0834 3672 \Device\Harddisk0\DR0\# - copied to quarantine
21:09:20.0835 3672 \Device\Harddisk0\DR0 - copied to quarantine
21:09:20.0888 3672 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
21:09:20.0891 3672 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:09:20.0893 3672 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
21:09:20.0903 3672 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:09:20.0905 3672 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:09:20.0908 3672 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:09:20.0910 3672 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:09:20.0921 3672 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:09:20.0926 3672 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:09:20.0933 3672 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:09:20.0935 3672 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
21:09:20.0938 3672 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine
21:09:21.0012 3672 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
21:09:21.0013 3672 \Device\Harddisk0\DR0 - ok
21:09:21.0014 3672 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
21:09:27.0770 4068 Deinitialize success

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 04 February 2012 - 11:14 PM

How are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 11:21 PM

Well there has not been a crash since i ran the tdsskiller. Now I am facing another problem. All the programs have a firefox logo and do not respond properly, instead they all open a tab in the firefox browser.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 04 February 2012 - 11:39 PM

Have you tried restarting?


try this

Scan with exeHelper:

Please download exeHelper to your desktop.

  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 purplehero

purplehero
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 04 February 2012 - 11:44 PM

exeHelper by Raktor
Build 20100414
Run at 23:43:22 on 02/04/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\Users\Administrator\Start Menu\Programs\Startup\scandisk.lnk
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users