Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
14 replies to this topic

#1 Emmetkelly

Emmetkelly

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 21 March 2012 - 02:13 PM

I am having an issue where my internet searches get redirected to a page of similar terms or relevant ads. This thread here says a bit more about my issue and what I've done so far: http://www.bleepingcomputer.com/forums/topic446759.html

DDS Scan Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Emily at 15:08:53 on 2012-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.5565 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Users\Emily\AppData\Local\Akamai\netsession_win.exe
C:\Users\Emily\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcmgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120321CB7149B092E48432D697A1B5
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Emily\AppData\Local\Akamai\netsession_win.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\Users\Emily\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Emily\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{57CCF8AD-D5DC-4394-AD3E-C3280E1E221A} : DhcpNameServer = 35.8.2.5 35.8.2.41
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6}\2656C6B696E6E2930363E2537484A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6}\45F6671627 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6}\473677E236F6 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6}\65562796A7F6E602D494649443531303C4024313834402355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6}\C696E6B6379737 : DhcpNameServer = 24.247.15.53 24.247.24.53
TCP: Interfaces\{A131DF92-E2BF-434A-8E71-09AC2F4007D6}\D416272796F6474775946494 : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-X64: Updater For Spam Free Search Bar - No File
BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO-X64: Spam Free Search Bar - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO-X64: Freecorder Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\4y0non14.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://apl.startnow.com/s/?src=addrbar&provider=bing&provider_name=bing&provider_code=Z079&partner_id=314&product_id=677&affiliate_id=&channel=6-08172011&toolbar_id=30&toolbar_version=5.0.0.0&install_country=US&install_date=20110817&user_guid=4DBF0F3A982542949FACDF7B696B7CF6&machine_id=6f2561c2392d03c0e94b2f7764d1c905&browser=FF&os=win&os_version=6.1-x64-SP1&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Emily\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Emily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-03-21 05:50:08 -------- d-----w- C:\Users\Emily\AppData\Local\blekkotb
2012-03-21 05:50:05 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-03-21 05:50:01 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2012-03-21 05:50:01 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2012-03-21 05:49:58 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-03-21 05:49:53 -------- d-----w- C:\Program Files (x86)\blekkotb
2012-03-21 05:25:44 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-03-21 05:24:48 -------- d-----w- C:\ProgramData\Rosetta Stone
2012-03-21 05:24:48 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
2012-03-20 23:57:35 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 23:57:35 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-20 21:35:28 -------- d-----w- C:\Users\Emily\AppData\Roaming\SUPERAntiSpyware.com
2012-03-20 21:35:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-20 21:35:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-20 19:59:48 -------- d-----w- C:\Users\Emily\AppData\Roaming\uTorrent
2012-03-20 03:16:29 -------- d-----w- C:\Program Files (x86)\The Rosetta Stone
2012-03-19 21:23:36 -------- d-----w- C:\Windows\SysWow64\syncdb
2012-03-19 01:52:03 98816 ----a-w- C:\Windows\sed.exe
2012-03-19 01:52:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-19 01:52:03 256000 ----a-w- C:\Windows\PEV.exe
2012-03-19 01:52:03 208896 ----a-w- C:\Windows\MBR.exe
2012-03-19 01:51:46 -------- d-s---w- C:\ComboFix
2012-03-19 01:43:56 44544 ----a-w- C:\Windows\SysWow64\agremove.exe
2012-03-19 01:26:04 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2012-03-14 07:03:41 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:03:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03:39 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 01:02:25 -------- d-----w- C:\Program Files\iPod
2012-03-14 01:02:24 -------- d-----w- C:\Program Files\iTunes
2012-03-14 00:28:06 -------- d-----w- C:\ProgramData\Belkin
2012-03-14 00:27:03 -------- d-----w- C:\Program Files (x86)\Belkin
2012-03-13 17:16:43 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 17:16:40 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 17:16:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 17:15:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 17:15:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 17:15:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 17:15:04 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 17:15:04 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 17:15:03 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 17:15:03 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-05 23:52:58 -------- d-----w- C:\Users\Emily\AppData\Roaming\HDRsoft
2012-03-05 23:52:58 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-02-22 06:35:44 -------- d-----w- C:\ProgramData\Protexis
.
==================== Find3M ====================
.
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-07 22:12:35 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 15:09:27.97 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 22 March 2012 - 02:53 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Emmetkelly

Emmetkelly
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 22 March 2012 - 03:32 PM

Hi Gringo! Thank you for your help.

It restarted during the end of the scan (after Stage 50) and then it wouldn't let me open the internet, something about it being flagged for deletion, so I restarted again and it seems to be okay.
As for my original issue, it's still redirecting.

ComboFix 12-03-22.01 - Emily 03/22/2012 15:55:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6345 [GMT -4:00]
Running from: c:\users\Emily\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Emily\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\Emily\AppData\Roaming\AVG9\AVG9\hmlxkn.dll
c:\users\Emily\AppData\Roaming\Love
c:\users\Emily\AppData\Roaming\Love\mari0\options.txt
c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\4y0non14.default\searchplugins\bing-zugo.xml
c:\users\Emily\Documents\~WRL0003.tmp
c:\windows\system32\drivers\etc\lmhosts
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 20:12 . 2012-03-22 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 19:44 . 2012-03-22 19:44 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-03-21 05:50 . 2012-03-21 05:50 -------- d-----w- c:\users\Emily\AppData\Local\blekkotb
2012-03-21 05:50 . 2012-03-22 19:33 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-21 05:50 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-03-21 05:50 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-03-21 05:49 . 2012-03-21 05:50 -------- d-----w- c:\program files (x86)\MagicDisc
2012-03-21 05:49 . 2012-03-21 05:50 -------- d-----w- c:\program files (x86)\blekkotb
2012-03-21 05:44 . 2012-03-21 05:44 -------- d-----w- c:\programdata\FLEXnet
2012-03-21 05:25 . 2012-03-21 05:25 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-03-21 05:24 . 2012-03-21 19:44 -------- d-----w- c:\programdata\Rosetta Stone
2012-03-21 05:24 . 2012-03-21 05:24 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-03-20 23:57 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-20 23:57 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 21:35 . 2012-03-20 21:35 -------- d-----w- c:\users\Emily\AppData\Roaming\SUPERAntiSpyware.com
2012-03-20 21:35 . 2012-03-20 21:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-20 21:35 . 2012-03-20 21:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-20 21:01 . 2012-03-20 21:01 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-20 19:59 . 2012-03-21 06:25 -------- d-----w- c:\users\Emily\AppData\Roaming\uTorrent
2012-03-20 03:16 . 2012-03-20 03:20 -------- d-----w- c:\program files (x86)\The Rosetta Stone
2012-03-19 21:23 . 2012-03-19 21:23 -------- d-----w- c:\windows\SysWow64\syncdb
2012-03-19 01:43 . 2012-03-19 01:44 44544 ----a-w- c:\windows\SysWow64\agremove.exe
2012-03-19 01:26 . 2012-03-19 01:26 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-14 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 01:02 . 2012-03-14 01:02 -------- d-----w- c:\program files\iPod
2012-03-14 01:02 . 2012-03-14 01:02 -------- d-----w- c:\program files\iTunes
2012-03-14 00:28 . 2012-03-19 04:57 -------- d-----w- c:\programdata\Belkin
2012-03-14 00:27 . 2012-03-19 04:56 -------- d-----w- c:\program files (x86)\Belkin
2012-03-13 17:16 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:16 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:16 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:15 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:15 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-05 23:52 . 2012-03-05 23:53 -------- d-----w- c:\program files\PhotomatixPro4
2012-03-05 23:52 . 2012-03-05 23:52 -------- d-----w- c:\users\Emily\AppData\Roaming\HDRsoft
2012-02-22 06:35 . 2012-02-22 06:40 -------- d-----w- c:\programdata\Protexis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 22:12 . 2011-06-26 02:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 22:41 . 2012-02-03 22:41 776320 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-02-03 22:41 . 2012-02-03 22:41 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\D395.tmp
2012-02-02 05:01 . 2012-02-02 05:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6ED4.tmp
2012-02-01 04:17 . 2012-02-01 04:17 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F2FD.tmp
2012-01-04 10:44 . 2012-02-15 03:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 03:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 03:12 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 03:12 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 03:12 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Emily\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-21 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-16 909152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1605572699-1259706304-240425394-1001Core.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 19:57]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1605572699-1259706304-240425394-1001UA.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 19:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120321CB7149B092E48432D697A1B5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\4y0non14.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-03-22 16:21:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-22 20:21
.
Pre-Run: 194,421,968,896 bytes free
Post-Run: 210,452,570,112 bytes free
.
- - End Of File - - DEF0254AE8069F9465BECAF5A31967D1

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 22 March 2012 - 09:53 PM

Greetings

I see some minor things in the comgbofix report but I want to check for any rootkits before we move forward

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Emmetkelly

Emmetkelly
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 24 March 2012 - 01:34 PM

13:44:54.0819 4504 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:44:56.0256 4504 ============================================================
13:44:56.0256 4504 Current date / time: 2012/03/24 13:44:56.0256
13:44:56.0256 4504 SystemInfo:
13:44:56.0256 4504
13:44:56.0256 4504 OS Version: 6.1.7601 ServicePack: 1.0
13:44:56.0256 4504 Product type: Workstation
13:44:56.0256 4504 ComputerName: EMILY-LAPTOP
13:44:56.0257 4504 UserName: Emily
13:44:56.0257 4504 Windows directory: C:\Windows
13:44:56.0257 4504 System windows directory: C:\Windows
13:44:56.0257 4504 Running under WOW64
13:44:56.0257 4504 Processor architecture: Intel x64
13:44:56.0257 4504 Number of processors: 2
13:44:56.0257 4504 Page size: 0x1000
13:44:56.0257 4504 Boot type: Normal boot
13:44:56.0257 4504 ============================================================
13:44:57.0632 4504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:57.0634 4504 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:57.0646 4504 \Device\Harddisk0\DR0:
13:44:57.0647 4504 MBR used
13:44:57.0647 4504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:44:57.0647 4504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:44:57.0647 4504 \Device\Harddisk1\DR1:
13:44:57.0647 4504 MBR used
13:44:57.0732 4504 Initialize success
13:44:57.0732 4504 ============================================================
13:45:07.0008 3516 ============================================================
13:45:07.0008 3516 Scan started
13:45:07.0008 3516 Mode: Manual;
13:45:07.0008 3516 ============================================================
13:45:08.0211 3516 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:45:08.0213 3516 !SASCORE - ok
13:45:08.0437 3516 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:45:08.0441 3516 1394ohci - ok
13:45:08.0577 3516 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:45:08.0587 3516 ACPI - ok
13:45:08.0639 3516 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:45:08.0642 3516 AcpiPmi - ok
13:45:08.0796 3516 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:45:08.0798 3516 AdobeARMservice - ok
13:45:08.0970 3516 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:45:08.0990 3516 adp94xx - ok
13:45:09.0036 3516 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:45:09.0044 3516 adpahci - ok
13:45:09.0077 3516 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:45:09.0082 3516 adpu320 - ok
13:45:09.0114 3516 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:45:09.0116 3516 AeLookupSvc - ok
13:45:09.0185 3516 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:45:09.0215 3516 AFD - ok
13:45:09.0247 3516 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:45:09.0250 3516 agp440 - ok
13:45:09.0668 3516 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll
13:45:09.0668 3516 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4
13:45:09.0678 3516 Akamai ( HiddenFile.Multi.Generic ) - warning
13:45:09.0678 3516 Akamai - detected HiddenFile.Multi.Generic (1)
13:45:09.0770 3516 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:45:09.0773 3516 ALG - ok
13:45:09.0826 3516 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:45:09.0829 3516 aliide - ok
13:45:09.0908 3516 AMD External Events Utility (9a5495edebe7d6b3f7e9a86ebe5ea248) C:\Windows\system32\atiesrxx.exe
13:45:09.0912 3516 AMD External Events Utility - ok
13:45:09.0983 3516 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:45:09.0985 3516 amdide - ok
13:45:10.0036 3516 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:45:10.0040 3516 AmdK8 - ok
13:45:10.0054 3516 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:45:10.0058 3516 AmdPPM - ok
13:45:10.0101 3516 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:45:10.0105 3516 amdsata - ok
13:45:10.0133 3516 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:45:10.0139 3516 amdsbs - ok
13:45:10.0162 3516 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:45:10.0163 3516 amdxata - ok
13:45:10.0206 3516 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:45:10.0210 3516 AppID - ok
13:45:10.0235 3516 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:45:10.0238 3516 AppIDSvc - ok
13:45:10.0268 3516 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:45:10.0271 3516 Appinfo - ok
13:45:10.0393 3516 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:45:10.0395 3516 Apple Mobile Device - ok
13:45:10.0538 3516 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:45:10.0541 3516 arc - ok
13:45:10.0585 3516 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:45:10.0589 3516 arcsas - ok
13:45:10.0659 3516 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:45:10.0668 3516 AsyncMac - ok
13:45:10.0718 3516 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:45:10.0719 3516 atapi - ok
13:45:10.0779 3516 AtiHdmiService (38467ff83c2b4265d51f418812a91e3c) C:\Windows\system32\drivers\AtiHdmi.sys
13:45:10.0781 3516 AtiHdmiService - ok
13:45:11.0035 3516 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
13:45:11.0193 3516 atikmdag - ok
13:45:11.0315 3516 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:45:11.0343 3516 AudioEndpointBuilder - ok
13:45:11.0370 3516 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:45:11.0377 3516 AudioSrv - ok
13:45:11.0450 3516 AVG Security Toolbar Service - ok
13:45:11.0538 3516 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:45:11.0539 3516 Avgfwfd - ok
13:45:11.0732 3516 avgfws (5cd22eb540f82c70e33e530003f3903b) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
13:45:11.0755 3516 avgfws - ok
13:45:12.0248 3516 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
13:45:12.0301 3516 AVGIDSAgent - ok
13:45:12.0431 3516 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:45:12.0433 3516 AVGIDSDriver - ok
13:45:12.0524 3516 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:45:12.0526 3516 AVGIDSEH - ok
13:45:12.0577 3516 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:45:12.0579 3516 AVGIDSFilter - ok
13:45:12.0673 3516 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
13:45:12.0677 3516 Avgldx64 - ok
13:45:12.0728 3516 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:45:12.0729 3516 Avgmfx64 - ok
13:45:12.0785 3516 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:45:12.0786 3516 Avgrkx64 - ok
13:45:12.0876 3516 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
13:45:12.0881 3516 Avgtdia - ok
13:45:12.0957 3516 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:45:12.0960 3516 avgwd - ok
13:45:13.0044 3516 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:45:13.0049 3516 AxInstSV - ok
13:45:13.0132 3516 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:45:13.0166 3516 b06bdrv - ok
13:45:13.0292 3516 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:45:13.0301 3516 b57nd60a - ok
13:45:13.0410 3516 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:45:13.0414 3516 BDESVC - ok
13:45:13.0442 3516 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:45:13.0489 3516 Beep - ok
13:45:13.0780 3516 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:45:13.0802 3516 BFE - ok
13:45:13.0885 3516 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:45:13.0919 3516 BITS - ok
13:45:13.0977 3516 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:45:13.0980 3516 blbdrive - ok
13:45:14.0028 3516 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:45:14.0031 3516 bowser - ok
13:45:14.0060 3516 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:45:14.0063 3516 BrFiltLo - ok
13:45:14.0082 3516 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:45:14.0085 3516 BrFiltUp - ok
13:45:14.0130 3516 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:45:14.0134 3516 BridgeMP - ok
13:45:14.0167 3516 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:45:14.0172 3516 Browser - ok
13:45:14.0199 3516 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:45:14.0206 3516 Brserid - ok
13:45:14.0230 3516 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:45:14.0234 3516 BrSerWdm - ok
13:45:14.0267 3516 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:45:14.0270 3516 BrUsbMdm - ok
13:45:14.0282 3516 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:45:14.0284 3516 BrUsbSer - ok
13:45:14.0321 3516 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:45:14.0324 3516 BTHMODEM - ok
13:45:14.0363 3516 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:45:14.0367 3516 bthserv - ok
13:45:14.0536 3516 catchme - ok
13:45:14.0660 3516 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:45:14.0664 3516 cdfs - ok
13:45:14.0720 3516 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:45:14.0725 3516 cdrom - ok
13:45:14.0760 3516 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:45:14.0764 3516 CertPropSvc - ok
13:45:14.0815 3516 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:45:14.0818 3516 circlass - ok
13:45:14.0855 3516 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:45:14.0861 3516 CLFS - ok
13:45:14.0938 3516 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:45:14.0944 3516 clr_optimization_v2.0.50727_32 - ok
13:45:14.0992 3516 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:45:14.0997 3516 clr_optimization_v2.0.50727_64 - ok
13:45:15.0104 3516 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:45:15.0135 3516 clr_optimization_v4.0.30319_32 - ok
13:45:15.0228 3516 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:45:15.0232 3516 clr_optimization_v4.0.30319_64 - ok
13:45:15.0324 3516 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:45:15.0327 3516 CmBatt - ok
13:45:15.0360 3516 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:45:15.0362 3516 cmdide - ok
13:45:15.0400 3516 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:45:15.0409 3516 CNG - ok
13:45:15.0448 3516 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:45:15.0450 3516 Compbatt - ok
13:45:15.0498 3516 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:45:15.0501 3516 CompositeBus - ok
13:45:15.0543 3516 COMSysApp - ok
13:45:15.0616 3516 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:45:15.0619 3516 crcdisk - ok
13:45:15.0675 3516 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:45:15.0681 3516 CryptSvc - ok
13:45:15.0802 3516 CtClsFlt (fc1f55ba03832fbb0daf965f746c47bb) C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:45:15.0807 3516 CtClsFlt - ok
13:45:15.0882 3516 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:45:15.0903 3516 DcomLaunch - ok
13:45:15.0941 3516 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:45:15.0948 3516 defragsvc - ok
13:45:16.0000 3516 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:45:16.0011 3516 DfsC - ok
13:45:16.0134 3516 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:45:16.0156 3516 Dhcp - ok
13:45:16.0202 3516 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:45:16.0203 3516 discache - ok
13:45:16.0250 3516 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:45:16.0254 3516 Disk - ok
13:45:16.0320 3516 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:45:16.0325 3516 Dnscache - ok
13:45:16.0360 3516 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:45:16.0366 3516 dot3svc - ok
13:45:16.0394 3516 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:45:16.0399 3516 DPS - ok
13:45:16.0452 3516 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:45:16.0455 3516 drmkaud - ok
13:45:16.0559 3516 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:45:16.0570 3516 DXGKrnl - ok
13:45:16.0610 3516 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:45:16.0614 3516 EapHost - ok
13:45:16.0797 3516 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:45:16.0886 3516 ebdrv - ok
13:45:16.0993 3516 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:45:16.0995 3516 EFS - ok
13:45:17.0257 3516 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:45:17.0291 3516 ehRecvr - ok
13:45:17.0320 3516 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:45:17.0324 3516 ehSched - ok
13:45:17.0416 3516 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:45:17.0427 3516 elxstor - ok
13:45:17.0521 3516 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:45:17.0532 3516 EpsonBidirectionalService - ok
13:45:17.0631 3516 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
13:45:17.0634 3516 EPSON_EB_RPCV4_01 - ok
13:45:17.0658 3516 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
13:45:17.0662 3516 EPSON_PM_RPCV4_01 - ok
13:45:17.0836 3516 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:45:17.0839 3516 ErrDev - ok
13:45:17.0942 3516 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:45:17.0973 3516 EventSystem - ok
13:45:18.0019 3516 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:45:18.0025 3516 exfat - ok
13:45:18.0058 3516 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:45:18.0063 3516 fastfat - ok
13:45:18.0117 3516 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:45:18.0129 3516 Fax - ok
13:45:18.0179 3516 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:45:18.0182 3516 fdc - ok
13:45:18.0229 3516 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:45:18.0232 3516 fdPHost - ok
13:45:18.0263 3516 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:45:18.0267 3516 FDResPub - ok
13:45:18.0281 3516 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:45:18.0284 3516 FileInfo - ok
13:45:18.0303 3516 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:45:18.0306 3516 Filetrace - ok
13:45:18.0409 3516 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:45:18.0417 3516 FLEXnet Licensing Service - ok
13:45:18.0486 3516 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:45:18.0489 3516 flpydisk - ok
13:45:18.0579 3516 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:45:18.0584 3516 FltMgr - ok
13:45:18.0700 3516 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:45:18.0933 3516 FontCache - ok
13:45:19.0074 3516 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:45:19.0083 3516 FontCache3.0.0.0 - ok
13:45:19.0177 3516 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:45:19.0187 3516 FsDepends - ok
13:45:19.0209 3516 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:45:19.0211 3516 Fs_Rec - ok
13:45:19.0276 3516 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:45:19.0288 3516 fvevol - ok
13:45:19.0329 3516 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:45:19.0332 3516 gagp30kx - ok
13:45:19.0364 3516 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:45:19.0377 3516 GEARAspiWDM - ok
13:45:19.0506 3516 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:45:19.0539 3516 gpsvc - ok
13:45:19.0578 3516 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:45:19.0580 3516 hcw85cir - ok
13:45:19.0633 3516 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:45:19.0641 3516 HdAudAddService - ok
13:45:19.0673 3516 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:45:19.0676 3516 HDAudBus - ok
13:45:19.0704 3516 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:45:19.0707 3516 HidBatt - ok
13:45:19.0731 3516 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:45:19.0735 3516 HidBth - ok
13:45:19.0761 3516 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:45:19.0764 3516 HidIr - ok
13:45:19.0789 3516 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:45:19.0792 3516 hidserv - ok
13:45:19.0842 3516 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:45:19.0845 3516 HidUsb - ok
13:45:19.0877 3516 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:45:19.0881 3516 hkmsvc - ok
13:45:19.0923 3516 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:45:19.0929 3516 HomeGroupListener - ok
13:45:19.0968 3516 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:45:19.0975 3516 HomeGroupProvider - ok
13:45:20.0044 3516 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:45:20.0049 3516 HpSAMD - ok
13:45:20.0109 3516 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:45:20.0132 3516 HTTP - ok
13:45:20.0168 3516 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:45:20.0169 3516 hwpolicy - ok
13:45:20.0241 3516 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:45:20.0244 3516 i8042prt - ok
13:45:20.0306 3516 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:45:20.0315 3516 iaStorV - ok
13:45:20.0379 3516 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:45:20.0413 3516 idsvc - ok
13:45:20.0492 3516 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:45:20.0499 3516 iirsp - ok
13:45:20.0557 3516 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:45:20.0592 3516 IKEEXT - ok
13:45:20.0651 3516 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:45:20.0655 3516 intelide - ok
13:45:20.0694 3516 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:45:20.0696 3516 intelppm - ok
13:45:20.0742 3516 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:45:20.0753 3516 IPBusEnum - ok
13:45:20.0800 3516 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:45:20.0804 3516 IpFilterDriver - ok
13:45:20.0897 3516 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:45:20.0906 3516 iphlpsvc - ok
13:45:20.0956 3516 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:45:20.0960 3516 IPMIDRV - ok
13:45:21.0003 3516 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:45:21.0007 3516 IPNAT - ok
13:45:21.0182 3516 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
13:45:21.0192 3516 iPod Service - ok
13:45:21.0383 3516 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:45:21.0386 3516 IRENUM - ok
13:45:21.0424 3516 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:45:21.0427 3516 isapnp - ok
13:45:21.0464 3516 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:45:21.0471 3516 iScsiPrt - ok
13:45:21.0503 3516 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
13:45:21.0543 3516 itecir - ok
13:45:21.0595 3516 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
13:45:21.0602 3516 k57nd60a - ok
13:45:21.0651 3516 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:45:21.0653 3516 kbdclass - ok
13:45:21.0682 3516 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:45:21.0685 3516 kbdhid - ok
13:45:21.0714 3516 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:45:21.0717 3516 KeyIso - ok
13:45:21.0745 3516 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:45:21.0748 3516 KSecDD - ok
13:45:21.0771 3516 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:45:21.0775 3516 KSecPkg - ok
13:45:21.0808 3516 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:45:21.0810 3516 ksthunk - ok
13:45:21.0856 3516 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:45:21.0865 3516 KtmRm - ok
13:45:21.0922 3516 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:45:21.0930 3516 LanmanServer - ok
13:45:21.0967 3516 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:45:21.0973 3516 LanmanWorkstation - ok
13:45:22.0035 3516 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:45:22.0038 3516 lltdio - ok
13:45:22.0085 3516 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:45:22.0096 3516 lltdsvc - ok
13:45:22.0117 3516 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:45:22.0120 3516 lmhosts - ok
13:45:22.0168 3516 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:45:22.0173 3516 LSI_FC - ok
13:45:22.0198 3516 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:45:22.0201 3516 LSI_SAS - ok
13:45:22.0216 3516 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:45:22.0219 3516 LSI_SAS2 - ok
13:45:22.0241 3516 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:45:22.0245 3516 LSI_SCSI - ok
13:45:22.0280 3516 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:45:22.0283 3516 luafv - ok
13:45:22.0449 3516 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
13:45:22.0450 3516 MBAMProtector - ok
13:45:22.0607 3516 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:45:22.0614 3516 MBAMService - ok
13:45:22.0723 3516 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
13:45:22.0739 3516 mcdbus - ok
13:45:22.0801 3516 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:45:22.0811 3516 Mcx2Svc - ok
13:45:22.0867 3516 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:45:22.0870 3516 megasas - ok
13:45:22.0891 3516 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:45:22.0898 3516 MegaSR - ok
13:45:22.0952 3516 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:45:22.0956 3516 MMCSS - ok
13:45:22.0968 3516 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:45:22.0971 3516 Modem - ok
13:45:23.0010 3516 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:45:23.0012 3516 monitor - ok
13:45:23.0058 3516 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:45:23.0059 3516 mouclass - ok
13:45:23.0095 3516 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:45:23.0098 3516 mouhid - ok
13:45:23.0135 3516 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:45:23.0137 3516 mountmgr - ok
13:45:23.0177 3516 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:45:23.0182 3516 mpio - ok
13:45:23.0202 3516 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:45:23.0205 3516 mpsdrv - ok
13:45:23.0269 3516 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:45:23.0303 3516 MpsSvc - ok
13:45:23.0366 3516 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:45:23.0371 3516 MRxDAV - ok
13:45:23.0405 3516 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:45:23.0409 3516 mrxsmb - ok
13:45:23.0454 3516 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:45:23.0461 3516 mrxsmb10 - ok
13:45:23.0543 3516 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:45:23.0549 3516 mrxsmb20 - ok
13:45:23.0606 3516 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:45:23.0607 3516 msahci - ok
13:45:23.0667 3516 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:45:23.0670 3516 msdsm - ok
13:45:23.0747 3516 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:45:23.0752 3516 MSDTC - ok
13:45:23.0819 3516 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:45:23.0821 3516 Msfs - ok
13:45:23.0848 3516 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:45:23.0852 3516 mshidkmdf - ok
13:45:23.0880 3516 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:45:23.0881 3516 msisadrv - ok
13:45:23.0937 3516 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:45:23.0944 3516 MSiSCSI - ok
13:45:23.0954 3516 msiserver - ok
13:45:24.0014 3516 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:45:24.0022 3516 MSKSSRV - ok
13:45:24.0048 3516 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:45:24.0051 3516 MSPCLOCK - ok
13:45:24.0063 3516 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:45:24.0065 3516 MSPQM - ok
13:45:24.0154 3516 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:45:24.0166 3516 MsRPC - ok
13:45:24.0205 3516 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:45:24.0207 3516 mssmbios - ok
13:45:24.0271 3516 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:45:24.0273 3516 MSTEE - ok
13:45:24.0315 3516 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:45:24.0318 3516 MTConfig - ok
13:45:24.0374 3516 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:45:24.0376 3516 Mup - ok
13:45:24.0471 3516 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:45:24.0482 3516 napagent - ok
13:45:24.0612 3516 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:45:24.0623 3516 NativeWifiP - ok
13:45:24.0731 3516 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:45:24.0767 3516 NDIS - ok
13:45:24.0860 3516 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:45:24.0863 3516 NdisCap - ok
13:45:24.0891 3516 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:45:24.0893 3516 NdisTapi - ok
13:45:24.0917 3516 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:45:24.0920 3516 Ndisuio - ok
13:45:24.0956 3516 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:45:24.0961 3516 NdisWan - ok
13:45:25.0004 3516 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:45:25.0007 3516 NDProxy - ok
13:45:25.0051 3516 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:45:25.0058 3516 NetBIOS - ok
13:45:25.0099 3516 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:45:25.0105 3516 NetBT - ok
13:45:25.0137 3516 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:45:25.0139 3516 Netlogon - ok
13:45:25.0188 3516 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:45:25.0196 3516 Netman - ok
13:45:25.0225 3516 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:45:25.0237 3516 netprofm - ok
13:45:25.0290 3516 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:45:25.0294 3516 NetTcpPortSharing - ok
13:45:25.0750 3516 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:45:25.0890 3516 netw5v64 - ok
13:45:26.0035 3516 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:45:26.0038 3516 nfrd960 - ok
13:45:26.0100 3516 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:45:26.0107 3516 NlaSvc - ok
13:45:26.0150 3516 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:45:26.0153 3516 Npfs - ok
13:45:26.0188 3516 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:45:26.0192 3516 nsi - ok
13:45:26.0211 3516 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:45:26.0212 3516 nsiproxy - ok
13:45:26.0430 3516 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:45:26.0476 3516 Ntfs - ok
13:45:26.0626 3516 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:45:26.0630 3516 Null - ok
13:45:26.0673 3516 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:45:26.0679 3516 nvraid - ok
13:45:26.0723 3516 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:45:26.0729 3516 nvstor - ok
13:45:26.0777 3516 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:45:26.0788 3516 nv_agp - ok
13:45:26.0924 3516 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:45:26.0929 3516 odserv - ok
13:45:27.0050 3516 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:45:27.0054 3516 ohci1394 - ok
13:45:27.0117 3516 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:45:27.0121 3516 ose - ok
13:45:27.0261 3516 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:45:27.0294 3516 p2pimsvc - ok
13:45:27.0382 3516 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:45:27.0412 3516 p2psvc - ok
13:45:27.0458 3516 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:45:27.0463 3516 Parport - ok
13:45:27.0502 3516 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:45:27.0506 3516 partmgr - ok
13:45:27.0548 3516 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:45:27.0554 3516 PcaSvc - ok
13:45:27.0594 3516 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:45:27.0598 3516 pci - ok
13:45:27.0634 3516 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:45:27.0636 3516 pciide - ok
13:45:27.0674 3516 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:45:27.0680 3516 pcmcia - ok
13:45:27.0696 3516 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:45:27.0697 3516 pcw - ok
13:45:27.0756 3516 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:45:27.0779 3516 PEAUTH - ok
13:45:27.0900 3516 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:45:27.0905 3516 PerfHost - ok
13:45:28.0080 3516 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:45:28.0125 3516 pla - ok
13:45:28.0214 3516 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:45:28.0244 3516 PlugPlay - ok
13:45:28.0278 3516 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:45:28.0282 3516 PNRPAutoReg - ok
13:45:28.0306 3516 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:45:28.0311 3516 PNRPsvc - ok
13:45:28.0380 3516 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:45:28.0400 3516 PolicyAgent - ok
13:45:28.0448 3516 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:45:28.0453 3516 Power - ok
13:45:28.0519 3516 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:45:28.0523 3516 PptpMiniport - ok
13:45:28.0556 3516 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:45:28.0560 3516 Processor - ok
13:45:28.0595 3516 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:45:28.0602 3516 ProfSvc - ok
13:45:28.0626 3516 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:45:28.0628 3516 ProtectedStorage - ok
13:45:28.0702 3516 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:45:28.0705 3516 Psched - ok
13:45:28.0849 3516 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:45:28.0895 3516 ql2300 - ok
13:45:28.0963 3516 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:45:28.0974 3516 ql40xx - ok
13:45:29.0043 3516 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:45:29.0050 3516 QWAVE - ok
13:45:29.0107 3516 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:45:29.0110 3516 QWAVEdrv - ok
13:45:29.0131 3516 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:45:29.0134 3516 RasAcd - ok
13:45:29.0171 3516 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:45:29.0174 3516 RasAgileVpn - ok
13:45:29.0208 3516 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:45:29.0218 3516 RasAuto - ok
13:45:29.0255 3516 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:45:29.0259 3516 Rasl2tp - ok
13:45:29.0286 3516 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:45:29.0295 3516 RasMan - ok
13:45:29.0327 3516 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:45:29.0337 3516 RasPppoe - ok
13:45:29.0368 3516 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:45:29.0371 3516 RasSstp - ok
13:45:29.0406 3516 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:45:29.0413 3516 rdbss - ok
13:45:29.0438 3516 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:45:29.0442 3516 rdpbus - ok
13:45:29.0466 3516 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:45:29.0467 3516 RDPCDD - ok
13:45:29.0513 3516 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:45:29.0514 3516 RDPENCDD - ok
13:45:29.0557 3516 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:45:29.0558 3516 RDPREFMP - ok
13:45:29.0626 3516 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:45:29.0671 3516 RDPWD - ok
13:45:29.0790 3516 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:45:29.0799 3516 rdyboost - ok
13:45:29.0888 3516 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:45:29.0893 3516 RemoteAccess - ok
13:45:29.0940 3516 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:45:29.0945 3516 RemoteRegistry - ok
13:45:30.0015 3516 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
13:45:30.0026 3516 rimmptsk - ok
13:45:30.0070 3516 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
13:45:30.0074 3516 rimsptsk - ok
13:45:30.0108 3516 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
13:45:30.0112 3516 rismxdp - ok
13:45:30.0144 3516 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:45:30.0152 3516 RpcEptMapper - ok
13:45:30.0188 3516 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:45:30.0191 3516 RpcLocator - ok
13:45:30.0230 3516 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:45:30.0237 3516 RpcSs - ok
13:45:30.0312 3516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:45:30.0315 3516 rspndr - ok
13:45:30.0342 3516 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:45:30.0344 3516 SamSs - ok
13:45:30.0424 3516 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:45:30.0436 3516 SASDIFSV - ok
13:45:30.0467 3516 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:45:30.0479 3516 SASKUTIL - ok
13:45:30.0564 3516 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:45:30.0573 3516 sbp2port - ok
13:45:30.0616 3516 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:45:30.0623 3516 SCardSvr - ok
13:45:30.0665 3516 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:45:30.0668 3516 scfilter - ok
13:45:30.0724 3516 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:45:30.0770 3516 Schedule - ok
13:45:30.0803 3516 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:45:30.0805 3516 SCPolicySvc - ok
13:45:30.0872 3516 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:45:30.0876 3516 sdbus - ok
13:45:30.0917 3516 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:45:30.0924 3516 SDRSVC - ok
13:45:30.0973 3516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:45:30.0976 3516 secdrv - ok
13:45:31.0012 3516 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:45:31.0024 3516 seclogon - ok
13:45:31.0052 3516 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:45:31.0056 3516 SENS - ok
13:45:31.0079 3516 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:45:31.0083 3516 SensrSvc - ok
13:45:31.0119 3516 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:45:31.0122 3516 Serenum - ok
13:45:31.0150 3516 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:45:31.0154 3516 Serial - ok
13:45:31.0194 3516 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:45:31.0203 3516 sermouse - ok
13:45:31.0258 3516 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:45:31.0263 3516 SessionEnv - ok
13:45:31.0285 3516 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:45:31.0288 3516 sffdisk - ok
13:45:31.0325 3516 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:45:31.0332 3516 sffp_mmc - ok
13:45:31.0365 3516 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:45:31.0367 3516 sffp_sd - ok
13:45:31.0399 3516 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:45:31.0407 3516 sfloppy - ok
13:45:31.0463 3516 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:45:31.0471 3516 SharedAccess - ok
13:45:31.0517 3516 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:45:31.0526 3516 ShellHWDetection - ok
13:45:31.0589 3516 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:45:31.0592 3516 SiSRaid2 - ok
13:45:31.0618 3516 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:45:31.0621 3516 SiSRaid4 - ok
13:45:31.0665 3516 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:45:31.0669 3516 Smb - ok
13:45:31.0717 3516 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:45:31.0721 3516 SNMPTRAP - ok
13:45:31.0762 3516 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:45:31.0764 3516 spldr - ok
13:45:31.0856 3516 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:45:31.0879 3516 Spooler - ok
13:45:32.0187 3516 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:45:32.0290 3516 sppsvc - ok
13:45:32.0401 3516 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:45:32.0406 3516 sppuinotify - ok
13:45:32.0465 3516 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:45:32.0475 3516 srv - ok
13:45:32.0516 3516 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:45:32.0526 3516 srv2 - ok
13:45:32.0554 3516 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:45:32.0563 3516 srvnet - ok
13:45:32.0613 3516 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:45:32.0620 3516 SSDPSRV - ok
13:45:32.0638 3516 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:45:32.0642 3516 SstpSvc - ok
13:45:32.0687 3516 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:45:32.0693 3516 stexstor - ok
13:45:32.0754 3516 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:45:32.0776 3516 stisvc - ok
13:45:32.0819 3516 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:45:32.0821 3516 swenum - ok
13:45:32.0868 3516 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:45:32.0879 3516 swprv - ok
13:45:32.0901 3516 sxuptp - ok
13:45:32.0974 3516 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:45:33.0042 3516 SysMain - ok
13:45:33.0075 3516 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:45:33.0080 3516 TabletInputService - ok
13:45:33.0122 3516 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:45:33.0130 3516 TapiSrv - ok
13:45:33.0163 3516 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:45:33.0166 3516 TBS - ok
13:45:33.0276 3516 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:45:33.0344 3516 Tcpip - ok
13:45:33.0474 3516 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:45:33.0492 3516 TCPIP6 - ok
13:45:33.0528 3516 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:45:33.0535 3516 tcpipreg - ok
13:45:33.0592 3516 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:45:33.0595 3516 TDPIPE - ok
13:45:33.0632 3516 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:45:33.0643 3516 TDTCP - ok
13:45:33.0722 3516 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:45:33.0726 3516 tdx - ok
13:45:33.0764 3516 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:45:33.0766 3516 TermDD - ok
13:45:33.0815 3516 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:45:33.0840 3516 TermService - ok
13:45:33.0878 3516 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:45:33.0884 3516 Themes - ok
13:45:33.0914 3516 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:45:33.0918 3516 THREADORDER - ok
13:45:33.0957 3516 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:45:33.0965 3516 TrkWks - ok
13:45:34.0011 3516 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:45:34.0014 3516 TrustedInstaller - ok
13:45:34.0088 3516 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:45:34.0092 3516 tssecsrv - ok
13:45:34.0152 3516 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:45:34.0155 3516 TsUsbFlt - ok
13:45:34.0204 3516 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:45:34.0214 3516 tunnel - ok
13:45:34.0247 3516 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:45:34.0251 3516 uagp35 - ok
13:45:34.0346 3516 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:45:34.0352 3516 udfs - ok
13:45:34.0412 3516 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:45:34.0416 3516 UI0Detect - ok
13:45:34.0465 3516 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:45:34.0471 3516 uliagpkx - ok
13:45:34.0514 3516 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:45:34.0516 3516 umbus - ok
13:45:34.0538 3516 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:45:34.0541 3516 UmPass - ok
13:45:34.0574 3516 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:45:34.0582 3516 upnphost - ok
13:45:34.0621 3516 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:45:34.0630 3516 USBAAPL64 - ok
13:45:34.0690 3516 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:45:34.0693 3516 usbccgp - ok
13:45:34.0739 3516 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:45:34.0743 3516 usbcir - ok
13:45:34.0773 3516 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:45:34.0779 3516 usbehci - ok
13:45:34.0846 3516 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:45:34.0853 3516 usbhub - ok
13:45:34.0889 3516 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:45:34.0892 3516 usbohci - ok
13:45:34.0914 3516 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:45:34.0917 3516 usbprint - ok
13:45:34.0947 3516 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:45:34.0950 3516 usbscan - ok
13:45:34.0984 3516 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:45:34.0988 3516 USBSTOR - ok
13:45:35.0025 3516 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
13:45:35.0029 3516 usbuhci - ok
13:45:35.0092 3516 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:45:35.0096 3516 usbvideo - ok
13:45:35.0139 3516 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:45:35.0148 3516 UxSms - ok
13:45:35.0175 3516 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:45:35.0177 3516 VaultSvc - ok
13:45:35.0233 3516 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:45:35.0235 3516 vdrvroot - ok
13:45:35.0351 3516 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:45:35.0382 3516 vds - ok
13:45:35.0446 3516 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:45:35.0452 3516 vga - ok
13:45:35.0479 3516 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:45:35.0482 3516 VgaSave - ok
13:45:35.0512 3516 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:45:35.0518 3516 vhdmp - ok
13:45:35.0547 3516 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:45:35.0557 3516 viaide - ok
13:45:35.0589 3516 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:45:35.0591 3516 volmgr - ok
13:45:35.0658 3516 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:45:35.0678 3516 volmgrx - ok
13:45:35.0718 3516 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:45:35.0724 3516 volsnap - ok
13:45:35.0774 3516 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:45:35.0784 3516 vsmraid - ok
13:45:35.0859 3516 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:45:35.0915 3516 VSS - ok
13:45:36.0063 3516 vToolbarUpdater (980e45498392e6659d2e7c44e7de2336) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
13:45:36.0073 3516 vToolbarUpdater - ok
13:45:36.0205 3516 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:45:36.0211 3516 vwifibus - ok
13:45:36.0283 3516 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:45:36.0293 3516 W32Time - ok
13:45:36.0317 3516 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:45:36.0320 3516 WacomPen - ok
13:45:36.0364 3516 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:45:36.0368 3516 WANARP - ok
13:45:36.0377 3516 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:45:36.0379 3516 Wanarpv6 - ok
13:45:36.0502 3516 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:45:36.0547 3516 WatAdminSvc - ok
13:45:36.0788 3516 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:45:36.0834 3516 wbengine - ok
13:45:36.0932 3516 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:45:36.0939 3516 WbioSrvc - ok
13:45:36.0994 3516 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:45:37.0004 3516 wcncsvc - ok
13:45:37.0025 3516 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:45:37.0030 3516 WcsPlugInService - ok
13:45:37.0077 3516 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:45:37.0081 3516 Wd - ok
13:45:37.0115 3516 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:45:37.0137 3516 Wdf01000 - ok
13:45:37.0169 3516 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:45:37.0176 3516 WdiServiceHost - ok
13:45:37.0183 3516 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:45:37.0187 3516 WdiSystemHost - ok
13:45:37.0225 3516 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:45:37.0233 3516 WebClient - ok
13:45:37.0258 3516 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:45:37.0265 3516 Wecsvc - ok
13:45:37.0293 3516 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:45:37.0298 3516 wercplsupport - ok
13:45:37.0345 3516 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:45:37.0349 3516 WerSvc - ok
13:45:37.0402 3516 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:45:37.0405 3516 WfpLwf - ok
13:45:37.0423 3516 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:45:37.0426 3516 WIMMount - ok
13:45:37.0473 3516 WinDefend - ok
13:45:37.0484 3516 WinHttpAutoProxySvc - ok
13:45:37.0586 3516 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:45:37.0591 3516 Winmgmt - ok
13:45:37.0769 3516 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:45:37.0832 3516 WinRM - ok
13:45:38.0015 3516 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:45:38.0045 3516 Wlansvc - ok
13:45:38.0114 3516 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:45:38.0117 3516 wlcrasvc - ok
13:45:38.0271 3516 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:45:38.0293 3516 wlidsvc - ok
13:45:38.0423 3516 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:45:38.0424 3516 WmiAcpi - ok
13:45:38.0496 3516 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:45:38.0502 3516 wmiApSrv - ok
13:45:38.0554 3516 WMPNetworkSvc - ok
13:45:38.0631 3516 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:45:38.0635 3516 WPCSvc - ok
13:45:38.0672 3516 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:45:38.0678 3516 WPDBusEnum - ok
13:45:38.0739 3516 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:45:38.0740 3516 ws2ifsl - ok
13:45:38.0796 3516 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:45:38.0806 3516 wscsvc - ok
13:45:38.0865 3516 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:45:38.0868 3516 WSDPrintDevice - ok
13:45:38.0879 3516 WSearch - ok
13:45:39.0146 3516 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:45:39.0217 3516 wuauserv - ok
13:45:39.0354 3516 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:45:39.0362 3516 WudfPf - ok
13:45:39.0510 3516 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:45:39.0515 3516 WUDFRd - ok
13:45:39.0557 3516 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:45:39.0563 3516 wudfsvc - ok
13:45:39.0599 3516 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:45:39.0606 3516 WwanSvc - ok
13:45:39.0649 3516 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:45:39.0730 3516 \Device\Harddisk0\DR0 - ok
13:45:39.0735 3516 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
13:45:39.0739 3516 \Device\Harddisk1\DR1 - ok
13:45:39.0744 3516 Boot (0x1200) (672637fd0725f145e2a8ce37e5d5b9fc) \Device\Harddisk0\DR0\Partition0
13:45:39.0746 3516 \Device\Harddisk0\DR0\Partition0 - ok
13:45:39.0771 3516 Boot (0x1200) (43df2f406c9d41904423ac3fe5f0949a) \Device\Harddisk0\DR0\Partition1
13:45:39.0777 3516 \Device\Harddisk0\DR0\Partition1 - ok
13:45:39.0777 3516 ============================================================
13:45:39.0778 3516 Scan finished
13:45:39.0778 3516 ============================================================
13:45:39.0796 1228 Detected object count: 1
13:45:39.0796 1228 Actual detected object count: 1
13:46:01.0301 1228 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:46:01.0301 1228 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:47:24.0902 5892 Deinitialize success



I couldn't do the aswMBR scan. It would run for a while, then the computer would get a blue screen saying that there was an error and it needed to shut down.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 24 March 2012 - 01:45 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\blekkotb
c:\program files (x86)\freecordertoolbar

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Emmetkelly

Emmetkelly
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 24 March 2012 - 03:20 PM

ComboFix 12-03-22.01 - Emily 03/24/2012 15:35:53.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6600 [GMT -4:00]
Running from: c:\users\Emily\Downloads\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\blekkotb
c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
c:\program files (x86)\blekkotb\auxi\config.xml
c:\program files (x86)\blekkotb\blekkoDx.dll
c:\program files (x86)\blekkotb\blekkotb.dll
c:\program files (x86)\blekkotb\chrome\content\custom.js
c:\program files (x86)\blekkotb\chrome\content\lib\about.xml
c:\program files (x86)\blekkotb\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\blekkotb\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\blekkotb\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\blekkotb\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\blekkotb\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\blekkotb\chrome\content\lib\dtxwin.xul
c:\program files (x86)\blekkotb\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\blekkotb\chrome\content\lib\external.js
c:\program files (x86)\blekkotb\chrome\content\lib\neterror.xhtml
c:\program files (x86)\blekkotb\chrome\content\lib\rsspreview.html
c:\program files (x86)\blekkotb\chrome\content\lib\rsswin.xml
c:\program files (x86)\blekkotb\chrome\content\lib\rsswin.xsl
c:\program files (x86)\blekkotb\chrome\content\modules\datastore.jsm
c:\program files (x86)\blekkotb\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\blekkotb\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\blekkotb\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\blekkotb\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\blekkotb\chrome\content\newtab\newtab.html
c:\program files (x86)\blekkotb\chrome\content\preferences.xml
c:\program files (x86)\blekkotb\chrome\content\toolbar.htm
c:\program files (x86)\blekkotb\chrome\content\toolbar.xul
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\.project
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\blank_image.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\border-radius.htc
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\checked.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\appversion.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\IE7Styles.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon-hover.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\save.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\appversion.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.pagination.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js.bak
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\power-couponcamp.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\poweredby-couponwinner.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left_old.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl_old.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right_old.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\unchecked.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageContent.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageList.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\bg_header.jpg
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\btn-close-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\mail.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\msg-btn.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageContent.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageList.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts\messageList.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\.cvsignore
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\login.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
c:\program files (x86)\blekkotb\chrome\data\search\engines.xml
c:\program files (x86)\blekkotb\chrome\data\search\search.xsl
c:\program files (x86)\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluelite.png
c:\program files (x86)\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluesky.png
c:\program files (x86)\blekkotb\chrome\skin\blekko16.png
c:\program files (x86)\blekkotb\chrome\skin\blogger.png
c:\program files (x86)\blekkotb\chrome\skin\bluelite.gif
c:\program files (x86)\blekkotb\chrome\skin\bluesky.gif
c:\program files (x86)\blekkotb\chrome\skin\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\skin\btn-search.png
c:\program files (x86)\blekkotb\chrome\skin\btn-settings-over.png
c:\program files (x86)\blekkotb\chrome\skin\btn-settings.png
c:\program files (x86)\blekkotb\chrome\skin\btn-widgets-over.png
c:\program files (x86)\blekkotb\chrome\skin\btn-widgets.png
c:\program files (x86)\blekkotb\chrome\skin\coupons-hover.png
c:\program files (x86)\blekkotb\chrome\skin\coupons.png
c:\program files (x86)\blekkotb\chrome\skin\custom.css
c:\program files (x86)\blekkotb\chrome\skin\dictionary.png
c:\program files (x86)\blekkotb\chrome\skin\downloadcom.png
c:\program files (x86)\blekkotb\chrome\skin\dtxlogo.png
c:\program files (x86)\blekkotb\chrome\skin\facebook-blekko-hover.png
c:\program files (x86)\blekkotb\chrome\skin\facebook-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\facebook-hover.png
c:\program files (x86)\blekkotb\chrome\skin\facebook.png
c:\program files (x86)\blekkotb\chrome\skin\fb.png
c:\program files (x86)\blekkotb\chrome\skin\games.png
c:\program files (x86)\blekkotb\chrome\skin\google.png
c:\program files (x86)\blekkotb\chrome\skin\graphna.png
c:\program files (x86)\blekkotb\chrome\skin\graphred0.png
c:\program files (x86)\blekkotb\chrome\skin\graphred0_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred1.png
c:\program files (x86)\blekkotb\chrome\skin\graphred1_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred2.png
c:\program files (x86)\blekkotb\chrome\skin\graphred2_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred3.png
c:\program files (x86)\blekkotb\chrome\skin\graphred3_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred4.png
c:\program files (x86)\blekkotb\chrome\skin\graphred4_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred5.png
c:\program files (x86)\blekkotb\chrome\skin\graphredna.png
c:\program files (x86)\blekkotb\chrome\skin\grey.gif
c:\program files (x86)\blekkotb\chrome\skin\hulu.png
c:\program files (x86)\blekkotb\chrome\skin\ico-digg.png
c:\program files (x86)\blekkotb\chrome\skin\ico-shield.png
c:\program files (x86)\blekkotb\chrome\skin\icon_blekko.png
c:\program files (x86)\blekkotb\chrome\skin\images.png
c:\program files (x86)\blekkotb\chrome\skin\lib\add.png
c:\program files (x86)\blekkotb\chrome\skin\lib\aol.png
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\blekkotb\chrome\skin\lib\blank.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\checkmark.png
c:\program files (x86)\blekkotb\chrome\skin\lib\chevron.png
c:\program files (x86)\blekkotb\chrome\skin\lib\collapse.png
c:\program files (x86)\blekkotb\chrome\skin\lib\dtx.css
c:\program files (x86)\blekkotb\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\blekkotb\chrome\skin\lib\edit-back.png
c:\program files (x86)\blekkotb\chrome\skin\lib\expand.png
c:\program files (x86)\blekkotb\chrome\skin\lib\found.png
c:\program files (x86)\blekkotb\chrome\skin\lib\gmail.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\blekkotb\chrome\skin\lib\hotmail.png
c:\program files (x86)\blekkotb\chrome\skin\lib\imap.png
c:\program files (x86)\blekkotb\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\lock.png
c:\program files (x86)\blekkotb\chrome\skin\lib\mailcom.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\modify.png
c:\program files (x86)\blekkotb\chrome\skin\lib\move.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\movetarget.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\blekkotb\chrome\skin\lib\pop.png
c:\program files (x86)\blekkotb\chrome\skin\lib\radio.png
c:\program files (x86)\blekkotb\chrome\skin\lib\reload.png
c:\program files (x86)\blekkotb\chrome\skin\lib\remove.png
c:\program files (x86)\blekkotb\chrome\skin\lib\rename.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\resize-box.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\rss.png
c:\program files (x86)\blekkotb\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\blekkotb\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\blekkotb\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\scroll-left.png
c:\program files (x86)\blekkotb\chrome\skin\lib\scroll-right.png
c:\program files (x86)\blekkotb\chrome\skin\lib\search-go.png
c:\program files (x86)\blekkotb\chrome\skin\lib\search.png
c:\program files (x86)\blekkotb\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\blekkotb\chrome\skin\lib\throbber.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\paneltemplate.html
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\template.html
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\blekkotb\chrome\skin\lib\yahoo.png
c:\program files (x86)\blekkotb\chrome\skin\lichen.gif
c:\program files (x86)\blekkotb\chrome\skin\local-deals-hover.png
c:\program files (x86)\blekkotb\chrome\skin\local-deals.png
c:\program files (x86)\blekkotb\chrome\skin\logo-about.png
c:\program files (x86)\blekkotb\chrome\skin\logo-over.png
c:\program files (x86)\blekkotb\chrome\skin\logo.png
c:\program files (x86)\blekkotb\chrome\skin\mail-blekko-hover.png
c:\program files (x86)\blekkotb\chrome\skin\mail-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\mail-hover.png
c:\program files (x86)\blekkotb\chrome\skin\mail.png
c:\program files (x86)\blekkotb\chrome\skin\modify-save.png
c:\program files (x86)\blekkotb\chrome\skin\modify.png
c:\program files (x86)\blekkotb\chrome\skin\music.png
c:\program files (x86)\blekkotb\chrome\skin\myspace.png
c:\program files (x86)\blekkotb\chrome\skin\news.png
c:\program files (x86)\blekkotb\chrome\skin\options-main.png
c:\program files (x86)\blekkotb\chrome\skin\options-search.png
c:\program files (x86)\blekkotb\chrome\skin\options\options-main.png
c:\program files (x86)\blekkotb\chrome\skin\options\options-search.png
c:\program files (x86)\blekkotb\chrome\skin\options\options-weather.png
c:\program files (x86)\blekkotb\chrome\skin\options\options-widgets.png
c:\program files (x86)\blekkotb\chrome\skin\orange.gif
c:\program files (x86)\blekkotb\chrome\skin\p_yahoo.png
c:\program files (x86)\blekkotb\chrome\skin\rss-collapse.png
c:\program files (x86)\blekkotb\chrome\skin\rss-delete.png
c:\program files (x86)\blekkotb\chrome\skin\rss-expand.png
c:\program files (x86)\blekkotb\chrome\skin\rss-feed.png
c:\program files (x86)\blekkotb\chrome\skin\rss-folder-remove.png
c:\program files (x86)\blekkotb\chrome\skin\rss-folder-rename.png
c:\program files (x86)\blekkotb\chrome\skin\rss-folder.png
c:\program files (x86)\blekkotb\chrome\skin\rss-found.png
c:\program files (x86)\blekkotb\chrome\skin\rss-reload.png
c:\program files (x86)\blekkotb\chrome\skin\rss-subscribe.png
c:\program files (x86)\blekkotb\chrome\skin\rss.png
c:\program files (x86)\blekkotb\chrome\skin\rssback.gif
c:\program files (x86)\blekkotb\chrome\skin\rsstopback.gif
c:\program files (x86)\blekkotb\chrome\skin\search.png
c:\program files (x86)\blekkotb\chrome\skin\settings.png
c:\program files (x86)\blekkotb\chrome\skin\shopping.png
c:\program files (x86)\blekkotb\chrome\skin\skin-bluelite.png
c:\program files (x86)\blekkotb\chrome\skin\skin-bluesky.png
c:\program files (x86)\blekkotb\chrome\skin\skin-grey.png
c:\program files (x86)\blekkotb\chrome\skin\skin-lichen.png
c:\program files (x86)\blekkotb\chrome\skin\skin-orange.png
c:\program files (x86)\blekkotb\chrome\skin\skin-yellow.png
c:\program files (x86)\blekkotb\chrome\skin\social_delicious.png
c:\program files (x86)\blekkotb\chrome\skin\social_stumbleupon.png
c:\program files (x86)\blekkotb\chrome\skin\technorati.png
c:\program files (x86)\blekkotb\chrome\skin\throbber.gif
c:\program files (x86)\blekkotb\chrome\skin\toolbarsplitter.png
c:\program files (x86)\blekkotb\chrome\skin\twitter-blekko-hover.png
c:\program files (x86)\blekkotb\chrome\skin\twitter-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\twitter-hover.png
c:\program files (x86)\blekkotb\chrome\skin\twitter.png
c:\program files (x86)\blekkotb\chrome\skin\weather-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\web.png
c:\program files (x86)\blekkotb\chrome\skin\websearch.png
c:\program files (x86)\blekkotb\chrome\skin\wikipedia.png
c:\program files (x86)\blekkotb\chrome\skin\yahoosearch.png
c:\program files (x86)\blekkotb\chrome\skin\yellow.gif
c:\program files (x86)\blekkotb\chrome\skin\youtube.png
c:\program files (x86)\blekkotb\components\windowmediator.js
c:\program files (x86)\blekkotb\install.ico
c:\program files (x86)\blekkotb\manifest.xml
c:\program files (x86)\blekkotb\search.ico
c:\program files (x86)\blekkotb\uninstall.exe
c:\program files (x86)\freecordertoolbar
c:\program files (x86)\freecordertoolbar\chrome\content\lib\about.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\external.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\freecordertoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\freecordertoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\freecordertoolbar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\freecordertoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\freecordertoolbar\chrome\content\preferences.xml
c:\program files (x86)\freecordertoolbar\chrome\content\template.xml
c:\program files (x86)\freecordertoolbar\chrome\content\toolbar.htm
c:\program files (x86)\freecordertoolbar\chrome\content\toolbar.xul
c:\program files (x86)\freecordertoolbar\chrome\content\vmncode.js
c:\program files (x86)\freecordertoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\country.json
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\css\videoplayer.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\favorites.json
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrow-grey.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrows_grey-left.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrows_grey-right.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\back.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\btn-search-over.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\delete.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb-disable.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb-down.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt-disable.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt-down.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\star-grey.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\star.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-arrow-hover.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-arrow.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-off-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-off-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-on-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-on-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-over-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-over-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-right.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-right.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\vid-bg.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\index.html
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\function.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery-1.4.2.min.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.autocomplete.min.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.event.wheel.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.jlembed.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.scrollTo-min.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.url.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\JSON.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\main.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\videoplayer.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\videoplayer.html
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt
c:\program files (x86)\freecordertoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files (x86)\freecordertoolbar\chrome\data\product.xml
c:\program files (x86)\freecordertoolbar\chrome\data\rss\rss.xml
c:\program files (x86)\freecordertoolbar\chrome\data\search\engines.xml
c:\program files (x86)\freecordertoolbar\chrome\data\search\search.xsl
c:\program files (x86)\freecordertoolbar\chrome\data\weather\icons.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\1x1_png
c:\program files (x86)\freecordertoolbar\chrome\skin\about.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\about_logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\babylon_logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\bluelite.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\bluesky.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-search-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-settings-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn_settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\ca.png
c:\program files (x86)\freecordertoolbar\chrome\skin\convert_png
c:\program files (x86)\freecordertoolbar\chrome\skin\dictionary.png
c:\program files (x86)\freecordertoolbar\chrome\skin\divider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\downloadcom.png
c:\program files (x86)\freecordertoolbar\chrome\skin\dtxlogo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\email.png
c:\program files (x86)\freecordertoolbar\chrome\skin\email_on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\facebook.png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo_png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo2_png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo3_png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecorder_logo5_small_png
c:\program files (x86)\freecordertoolbar\chrome\skin\games.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred0_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred1_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred2_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred3_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred4.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred4_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphredna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\grey.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\ico-shield.png
c:\program files (x86)\freecordertoolbar\chrome\skin\images.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\alexabutton.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\aol.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\blank.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\checkmark.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\chevron.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\collapse.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\comcast.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\dtx-test.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\dtx.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\edit-back.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\embarq.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\expand.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\fast.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\found.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\gmail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\gripper.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\hotmail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\ico-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\imap.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\launchers.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\lock.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\mailcom.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\minus.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\newsitem.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lichen.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\mail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\modify-save.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modify.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\music.png
c:\program files (x86)\freecordertoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\freecordertoolbar\chrome\skin\news.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options_png
c:\program files (x86)\freecordertoolbar\chrome\skin\orange.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\pixsy.png
c:\program files (x86)\freecordertoolbar\chrome\skin\play_png
c:\program files (x86)\freecordertoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\freecordertoolbar\chrome\skin\protect-id.png
c:\program files (x86)\freecordertoolbar\chrome\skin\record_audio_png
c:\program files (x86)\freecordertoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-found.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rssback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\search-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\shopping.png
c:\program files (x86)\freecordertoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\technorati.png
c:\program files (x86)\freecordertoolbar\chrome\skin\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\translate.png
c:\program files (x86)\freecordertoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\tv_png
c:\program files (x86)\freecordertoolbar\chrome\skin\video_history_png
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.css
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.png
c:\program files (x86)\freecordertoolbar\chrome\skin\web.png
c:\program files (x86)\freecordertoolbar\chrome\skin\websearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yellow.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube.png
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube_png
c:\program files (x86)\freecordertoolbar\chrome\skin\zoom.png
c:\program files (x86)\freecordertoolbar\components\windowmediator.js
c:\program files (x86)\freecordertoolbar\install.ico
c:\program files (x86)\freecordertoolbar\manifest.xml
c:\program files (x86)\freecordertoolbar\partner.xml
c:\program files (x86)\freecordertoolbar\uninstall.exe
c:\program files (x86)\freecordertoolbar\vmntemplate.dll
c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:58 . 2012-03-24 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 13:15 . 2012-03-23 13:15 -------- d-----w- c:\users\Emily\Dreamweaver
2012-03-23 13:13 . 2012-03-23 13:13 -------- d-----w- c:\users\Emily\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-22 20:39 . 2012-03-22 20:39 -------- d-----w- c:\users\Emily\AppData\Roaming\abelhadigital.com
2012-03-22 20:39 . 2012-03-22 20:39 -------- d-----w- c:\programdata\abelhadigital.com
2012-03-22 20:39 . 2012-03-22 20:39 -------- d-----w- c:\program files (x86)\HostsMan
2012-03-22 19:44 . 2012-03-22 19:44 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-03-21 05:50 . 2012-03-21 05:50 -------- d-----w- c:\users\Emily\AppData\Local\blekkotb
2012-03-21 05:50 . 2012-03-24 18:29 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-21 05:50 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-03-21 05:50 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-03-21 05:49 . 2012-03-21 05:50 -------- d-----w- c:\program files (x86)\MagicDisc
2012-03-21 05:44 . 2012-03-21 05:44 -------- d-----w- c:\programdata\FLEXnet
2012-03-21 05:25 . 2012-03-21 05:25 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-03-21 05:24 . 2012-03-21 19:44 -------- d-----w- c:\programdata\Rosetta Stone
2012-03-21 05:24 . 2012-03-21 05:24 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-03-20 23:57 . 2012-03-13 04:39 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-20 23:57 . 2012-03-13 04:39 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 21:35 . 2012-03-20 21:35 -------- d-----w- c:\users\Emily\AppData\Roaming\SUPERAntiSpyware.com
2012-03-20 21:35 . 2012-03-20 21:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-20 21:35 . 2012-03-20 21:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-20 19:59 . 2012-03-21 06:25 -------- d-----w- c:\users\Emily\AppData\Roaming\uTorrent
2012-03-20 03:16 . 2012-03-20 03:20 -------- d-----w- c:\program files (x86)\The Rosetta Stone
2012-03-19 21:23 . 2012-03-19 21:23 -------- d-----w- c:\windows\SysWow64\syncdb
2012-03-19 01:43 . 2012-03-19 01:44 44544 ----a-w- c:\windows\SysWow64\agremove.exe
2012-03-19 01:26 . 2012-03-19 01:26 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-14 07:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 01:02 . 2012-03-14 01:02 -------- d-----w- c:\program files\iPod
2012-03-14 01:02 . 2012-03-14 01:02 -------- d-----w- c:\program files\iTunes
2012-03-14 00:28 . 2012-03-19 04:57 -------- d-----w- c:\programdata\Belkin
2012-03-14 00:27 . 2012-03-19 04:56 -------- d-----w- c:\program files (x86)\Belkin
2012-03-13 17:16 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:16 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:16 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:15 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:15 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:15 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:15 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:15 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:15 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:15 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-05 23:52 . 2012-03-05 23:53 -------- d-----w- c:\program files\PhotomatixPro4
2012-03-05 23:52 . 2012-03-05 23:52 -------- d-----w- c:\users\Emily\AppData\Roaming\HDRsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 22:12 . 2011-06-26 02:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 22:41 . 2012-02-03 22:41 776320 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-02-03 22:41 . 2012-02-03 22:41 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\D395.tmp
2012-02-02 05:01 . 2012-02-02 05:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\6ED4.tmp
2012-02-01 04:17 . 2012-02-01 04:17 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F2FD.tmp
2012-01-04 10:44 . 2012-02-15 03:12 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 03:12 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 03:12 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 03:12 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 03:12 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-22_20.16.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-23 23:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-22 19:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-22 19:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-23 23:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-22 19:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-23 23:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-15 07:24 . 2012-03-24 02:26 50736 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-24 18:30 45864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-15 10:07 . 2012-03-24 18:14 24990 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1605572699-1259706304-240425394-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-03-24 02:31 91616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-23 13:25 . 2012-03-23 13:25 23040 c:\windows\Installer\3a4a481.msi
+ 2012-03-23 13:24 . 2012-03-23 13:24 29184 c:\windows\Installer\3a4a47c.msi
+ 2012-03-23 13:24 . 2012-03-23 13:24 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
- 2010-11-03 02:52 . 2010-11-03 02:52 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe
+ 2012-03-23 13:24 . 2012-03-23 13:24 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
- 2010-11-03 02:52 . 2010-11-03 02:52 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe
+ 2012-03-23 13:24 . 2012-03-23 13:24 10134 c:\windows\Installer\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}\ARPPRODUCTICON.exe
- 2010-11-03 02:51 . 2010-11-03 02:51 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2012-03-23 13:23 . 2012-03-23 13:23 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe
+ 2012-03-23 13:23 . 2012-03-23 13:23 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe
- 2010-11-03 02:52 . 2010-11-03 02:52 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2012-03-23 13:23 . 2012-03-23 13:23 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe
+ 2012-03-23 13:24 . 2012-03-23 13:24 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe
+ 2012-03-23 13:18 . 2012-03-23 13:18 9560 c:\windows\system32\NetworkList\Icons\{882910CA-825B-43DD-B6D4-2B51330447BC}_48.bin
+ 2012-03-23 13:18 . 2012-03-23 13:18 4280 c:\windows\system32\NetworkList\Icons\{882910CA-825B-43DD-B6D4-2B51330447BC}_32.bin
+ 2012-03-23 13:18 . 2012-03-23 13:18 2456 c:\windows\system32\NetworkList\Icons\{882910CA-825B-43DD-B6D4-2B51330447BC}_24.bin
+ 2012-03-24 20:00 . 2012-03-24 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-22 20:15 . 2012-03-22 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-22 20:15 . 2012-03-22 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-24 20:00 . 2012-03-24 20:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-28 22:01 . 2011-02-28 22:01 947472 c:\windows\SysWOW64\msjava.dll
+ 2010-07-16 01:27 . 2012-03-23 14:43 331104 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-20 20:59 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 02:29 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 02:29 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-20 20:59 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-22 20:14 281244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-24 19:59 281244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-24 01:36 . 2011-03-24 01:36 915456 c:\windows\Installer\3a4a419.msi
+ 2011-03-24 01:36 . 2011-03-24 01:36 606208 c:\windows\Installer\3a4a414.msi
+ 2011-03-24 01:36 . 2011-03-24 01:36 725504 c:\windows\Installer\3a4a408.msi
- 2009-07-14 04:45 . 2012-03-19 21:29 7150424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-23 16:38 7150424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-03-04 03:05 . 2012-03-22 20:14 3505964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1605572699-1259706304-240425394-1001-8192.dat
+ 2011-03-04 03:05 . 2012-03-24 19:59 3505964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1605572699-1259706304-240425394-1001-8192.dat
+ 2011-09-14 04:06 . 2012-03-23 16:12 1141412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1605572699-1259706304-240425394-1001-4096.dat
+ 2012-03-19 18:28 . 2012-03-19 18:28 8004096 c:\windows\Installer\aebafc.msi
+ 2011-03-24 01:36 . 2011-03-24 01:36 3670016 c:\windows\Installer\3a4a40f.msi
+ 2011-03-24 01:36 . 2011-03-24 01:36 2211328 c:\windows\Installer\3a4a3fc.msi
+ 2011-03-24 01:36 . 2011-03-24 01:36 1997312 c:\windows\Installer\3a4a3f5.msi
+ 2011-03-24 01:36 . 2011-03-24 01:36 12719104 c:\windows\Installer\3a4a401.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Emily\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-3-21 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-16 909152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1605572699-1259706304-240425394-1001Core.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 19:57]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1605572699-1259706304-240425394-1001UA.job
- c:\users\Emily\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 19:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120321CB7149B092E48432D697A1B5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\4y0non14.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files (x86)\blekkotb\blekkoDx.dll
BHO-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
Toolbar-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files (x86)\blekkotb\blekkoDx.dll
AddRemove-blekkotb - c:\program files (x86)\blekkotb\uninstall.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-03-24 16:05:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 20:05
ComboFix2.txt 2012-03-22 20:21
.
Pre-Run: 208,414,064,640 bytes free
Post-Run: 208,479,326,208 bytes free
.
- - End Of File - - 54957296FBC07573A7A994872E2C11C6




It's still directing.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 24 March 2012 - 10:29 PM

Hello


the redirect is only happening in firefox?

if that is the case I want you to uninstall it and then reinstall it and let me know if it still happens

if it happens in IE also then let me know


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Emmetkelly

Emmetkelly
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 25 March 2012 - 11:40 AM

I can't seem to find Internet Explorer. It doesn't come up in my list of programs and when I try to download it, it says that it can't because there is a higher version already installed on my computer.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 25 March 2012 - 07:41 PM

Hello

click on the start orb and in the search pane type in internet it should be the first one listed


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Emmetkelly

Emmetkelly
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 25 March 2012 - 09:58 PM

It's not there. Doesn't come up at all.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 25 March 2012 - 10:05 PM

download firefox to the desktop first

uninstall firefox and if asked about user data remove that as well

reinstall firefox and see if it is still redirected


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 28 March 2012 - 12:02 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 31 March 2012 - 01:12 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 04 April 2012 - 01:11 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users