
Searchnu virus?


  • This topic is locked
18 replies to this topic

#1 Shadowz85


Posted 19 April 2012 - 12:54 AM

I logged into my mom's computer and discovered that Firefox and Chrome have their default search engine set for searchnu. I changed it back to Google, shut down and it kept my setting. I'm concerned that she's been infected with a virus, even though there is no strange behavior or redirects. I don't want to do any banking stuff until I'm sure it's clean. I ran Malwarebytes and it came up clean, but lately I've worked on computers that have been infected and are being reported clean. This is the first time I've posted here. Thanks for the help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 1.6.0_31
Run by COREY at 20:21:09 on 2012-04-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.904 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_comm_customer.exe
C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_system_customer.exe
C:\Program Files\Citrix\GoToAssist Express Customer\383\g2ax_user_customer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/413
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi9130~1\datamngr\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi9130~1\datamngr\toolbar\searchqudtx.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.4\youtubedownloaderToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
uRun: [Google Update] "c:\users\corey\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Creative Mouse Software] c:\program files\creative\shared files\cids\CTStray.exe
mRun: [Creative Keyboard Software] c:\program files\creative\shared files\cids\CTStray.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Live Update 5] c:\program files\msi\live update 5\LU5.exe /reminder
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2FE5EDC9-08BC-4664-AA09-2558F440CA37} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\383\g2ax_winlogon.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\wi9130~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\corey\appdata\roaming\mozilla\firefox\profiles\plnplmne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/413
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=413&sr=0&q=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - component: c:\users\corey\appdata\roaming\mozilla\firefox\profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: c:\users\corey\appdata\roaming\mozilla\firefox\profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: c:\users\corey\appdata\roaming\mozilla\firefox\profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\corey\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98928]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-14 176128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-12 784792]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-26 21504]
R2 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\383\g2ax_service.exe [2012-3-22 609144]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-9 8913920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-9 263680]
R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2009-2-2 57216]
R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2009-2-2 366976]
R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2009-2-2 165248]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253088]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\msi\live update 5\msibios32_100507.sys [2012-2-24 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2012-2-24 7680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 TivoBeacon2;TiVo Beacon Service;c:\program files\tivo\desktop\TiVoBeacon.exe [2010-8-24 1104656]
.
=============== Created Last 30 ================
.
2012-04-18 21:41:43 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88f2f58d-124c-4c8a-94a7-a7b455b2351b}\mpengine.dll
2012-04-14 06:21:05 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-04-14 06:21:05 -------- d-----w- c:\program files\common files\Spigot
2012-04-14 06:21:05 -------- d-----w- c:\program files\Application Updater
2012-04-12 10:17:51 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 10:17:51 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:17:51 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:17:51 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:15:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:15:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 04:55:54 -------- d-----w- c:\programdata\boost_interprocess
2012-04-09 04:55:53 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2012-04-09 04:55:49 360448 ----a-w- c:\windows\system32\TubeFinder.exe
2012-04-09 04:55:43 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2012-04-09 04:55:43 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2012-04-09 04:55:43 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2012-04-09 04:55:43 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-04-09 04:55:43 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-09 04:55:42 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-04-09 04:55:41 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-04-09 04:55:41 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2012-04-09 04:55:41 -------- d-----w- c:\users\corey\appdata\roaming\FreeFLVConverter
2012-04-09 04:55:41 -------- d-----w- c:\program files\Free FLV Converter
2012-04-09 04:28:55 -------- d-----w- c:\users\corey\appdata\roaming\Replay Media Catcher 4
2012-04-09 04:28:55 -------- d-----w- c:\programdata\Applian
2012-04-09 00:19:26 -------- d-----w- c:\programdata\xml_param
2012-04-09 00:17:16 -------- d-----w- c:\users\corey\appdata\roaming\Wondershare Video Converter Ultimate
2012-04-09 00:17:04 -------- d-----w- c:\users\corey\appdata\local\Wondershare
2012-04-09 00:17:02 -------- d-----w- c:\program files\common files\Wondershare
2012-04-09 00:16:48 892928 ----a-w- c:\windows\system32\iconv.dll
2012-04-09 00:16:48 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-04-09 00:16:42 -------- d-----w- c:\program files\Wondershare
2012-04-08 15:04:50 -------- d-----w- c:\users\corey\appdata\local\{228C8312-CE04-416B-9ACE-2013AC228F6F}
2012-04-08 14:01:23 -------- d-----w- c:\users\corey\appdata\local\{EF9E77A2-3A0E-4F4B-ADDB-DF0123EF2C4C}
2012-04-08 14:01:07 -------- d-----w- c:\users\corey\appdata\local\{0544975B-B69F-4655-B708-26247FB34FF7}
2012-04-08 13:20:17 -------- d-----w- c:\users\corey\appdata\local\{4F2F622D-E857-4627-B60A-83071C5B955B}
2012-04-08 11:17:12 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-04-08 11:17:01 -------- d-----w- c:\program files\YTD YouTube Downloader & Converter
2012-04-04 05:53:56 182160 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-31 11:49:12 -------- d-----w- c:\users\corey\appdata\local\SCE
2012-03-31 11:49:02 -------- d-----w- c:\windows\system32\directx
2012-03-30 22:10:32 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-23 05:36:03 196984 ----a-w- c:\windows\system32\g2ax_credential_provider_383.dll
.
==================== Find3M ====================
.
2012-04-14 08:39:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 11:30:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- c:\windows\system32\html.iec
2012-02-28 08:12:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-18 22:59:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:22:48.12 ===============


#2 gringo_pr

  • Malware Response Team

Posted 19 April 2012 - 11:53 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Shadowz85

  • Topic Starter

Posted 20 April 2012 - 10:59 AM

Thank you Gringo for your assistance.

Both Security Check and ComboFix ran without errors. I will post both logs.
The computer seems to run normally, although when I opened both Firefox and Explorer, the home pages of the browsers reverted back to searchnu.

Security Check Log

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 16
Java™ 6 Update 31
Java™ 6 Update 5
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.28) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


ComboFix Results

ComboFix 12-04-20.03 - COREY 04/20/2012 8:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1349 [GMT -7:00]
Running from: c:\users\COREY\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\sysid.ini
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\searchplugins\bing-zugo.xml
c:\users\COREY\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\COREY\g2ax_expert_downloadhelper_win32_x86.exe
c:\windows\system32\gotomon.log
c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
c:\windows\system32\TBD76B4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 15:23 . 2012-04-20 15:23 -------- d-----w- c:\users\COREY\AppData\Local\temp
2012-04-20 15:23 . 2012-04-20 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 02:23 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AFE0E4B-125A-4C9F-AEFE-2E82CF05DEE8}\mpengine.dll
2012-04-14 06:21 . 2012-04-14 06:21 -------- d-----w- c:\program files\Application Updater
2012-04-14 06:21 . 2012-04-14 06:21 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-04-14 06:21 . 2012-04-14 06:21 -------- d-----w- c:\program files\Common Files\Spigot
2012-04-12 10:17 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 10:17 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:17 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:17 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:15 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:15 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 04:55 . 2012-04-09 04:55 -------- d-----w- c:\programdata\boost_interprocess
2012-04-09 04:55 . 2012-02-15 21:51 360448 ----a-w- c:\windows\system32\TubeFinder.exe
2012-04-09 04:55 . 2011-09-28 16:18 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2012-04-09 04:55 . 2011-09-28 16:18 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2012-04-09 04:55 . 2011-09-28 16:18 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2012-04-09 04:55 . 2011-09-28 16:18 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-04-09 04:55 . 2011-09-28 16:18 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-09 04:55 . 2011-09-28 16:18 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-04-09 04:55 . 2012-04-09 05:12 -------- d-----w- c:\program files\Free FLV Converter
2012-04-09 04:55 . 2012-04-09 05:03 -------- d-----w- c:\users\COREY\AppData\Roaming\FreeFLVConverter
2012-04-09 04:55 . 2011-09-28 16:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-04-09 04:55 . 2011-09-28 16:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2012-04-09 04:28 . 2012-04-09 04:28 -------- d-----w- c:\users\COREY\AppData\Roaming\Replay Media Catcher 4
2012-04-09 04:28 . 2012-04-09 04:28 -------- d-----w- c:\programdata\Applian
2012-04-09 00:19 . 2012-04-09 00:25 -------- d-----w- c:\programdata\xml_param
2012-04-09 00:17 . 2012-04-09 00:17 -------- d-----w- c:\users\COREY\AppData\Roaming\Wondershare Video Converter Ultimate
2012-04-09 00:17 . 2012-04-09 00:17 -------- d-----w- c:\users\COREY\AppData\Local\Wondershare
2012-04-09 00:17 . 2012-04-09 00:17 -------- d-----w- c:\program files\Common Files\Wondershare
2012-04-09 00:16 . 2011-08-31 21:39 892928 ----a-w- c:\windows\system32\iconv.dll
2012-04-09 00:16 . 2011-08-31 21:39 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-04-09 00:16 . 2012-04-09 02:22 -------- d-----w- c:\program files\Wondershare
2012-04-08 11:17 . 2012-04-08 11:17 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-04-08 11:17 . 2012-04-08 11:17 -------- d-----w- c:\program files\YTD YouTube Downloader & Converter
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-31 11:49 . 2012-03-31 11:49 -------- d-----w- c:\users\COREY\AppData\Local\SCE
2012-03-31 11:48 . 2012-03-31 11:48 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-03-30 22:10 . 2012-04-14 08:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-23 05:36 . 2012-03-23 05:35 196984 ----a-w- c:\windows\system32\g2ax_credential_provider_383.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 08:39 . 2011-05-13 20:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:56 . 2010-12-12 02:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 02:15 . 2011-08-22 03:16 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-18 22:59 . 2010-04-22 05:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-14 15:45 . 2012-03-14 06:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 06:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 06:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 06:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 06:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:51 . 2012-02-10 06:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C33F741B-6AA4-48C8-B28E-6C21363B5B52}\gapaengine.dll
2012-02-02 15:16 . 2012-03-14 06:15 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-10-03 02:40 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 04:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-17 171448]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-08-25 2264336]
"TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-25 608528]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-08-25 437520]
"TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-25 856336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2012-02-26 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"Creative Mouse Software"="c:\program files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 65536]
"Creative Keyboard Software"="c:\program files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 65536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Live Update 5"="c:\program files\MSI\Live Update 5\LU5.exe" [2011-12-15 1935888]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-12 980832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-03-23 05:35 608632 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 22:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:39]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352308663-582380511-1965928383-1002Core.job
- c:\users\COREY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 22:37]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352308663-582380511-1965928383-1002UA.job
- c:\users\COREY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchnu.com/413
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/413
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=413&sr=0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
AddRemove-Windows Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 08:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-04-20 08:27:21
ComboFix-quarantined-files.txt 2012-04-20 15:27
.
Pre-Run: 194,634,391,552 bytes free
Post-Run: 197,516,926,976 bytes free
.
- - End Of File - - 4E99FD202C5BA52535B6AE175A572F01

#4 gringo_pr



  • Malware Response Team

Posted 20 April 2012 - 11:41 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Shadowz85

  • Topic Starter

Posted 20 April 2012 - 12:39 PM

Here are the two logs. It does look as if one of the first programs I ran removed GoToAssist, a remote control software I use to help my mom. I can reinstall that later once everything else is resolved.

TDSSKiller log

09:45:52.0722 1528 PxHelp20 - ok
09:45:52.0827 1528 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:45:52.0856 1528 ql2300 - ok
09:45:52.0891 1528 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:45:52.0893 1528 ql40xx - ok
09:45:53.0019 1528 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:45:53.0053 1528 QWAVE - ok
09:45:53.0191 1528 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:45:53.0225 1528 QWAVEdrv - ok
09:45:53.0280 1528 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:45:53.0318 1528 RasAcd - ok
09:45:53.0457 1528 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:45:53.0493 1528 RasAuto - ok
09:45:53.0543 1528 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:45:53.0586 1528 Rasl2tp - ok
09:45:53.0720 1528 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
09:45:53.0761 1528 RasMan - ok
09:45:53.0821 1528 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:45:53.0874 1528 RasPppoe - ok
09:45:53.0927 1528 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:45:53.0964 1528 RasSstp - ok
09:45:54.0029 1528 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:45:54.0068 1528 rdbss - ok
09:45:54.0114 1528 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:45:54.0116 1528 RDPCDD - ok
09:45:54.0153 1528 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:45:54.0158 1528 rdpdr - ok
09:45:54.0173 1528 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:45:54.0176 1528 RDPENCDD - ok
09:45:54.0301 1528 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
09:45:54.0323 1528 RDPWD - ok
09:45:54.0390 1528 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:45:54.0394 1528 RemoteAccess - ok
09:45:54.0500 1528 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
09:45:54.0504 1528 RemoteRegistry - ok
09:45:55.0103 1528 RoxLiveShare10 - ok
09:45:55.0290 1528 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:45:55.0292 1528 RpcLocator - ok
09:45:55.0380 1528 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:45:55.0387 1528 RpcSs - ok
09:45:55.0601 1528 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:45:55.0636 1528 rspndr - ok
09:45:55.0693 1528 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:45:55.0695 1528 SamSs - ok
09:45:55.0897 1528 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:45:55.0927 1528 sbp2port - ok
09:45:55.0998 1528 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
09:45:56.0036 1528 SCardSvr - ok
09:45:56.0252 1528 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
09:45:56.0260 1528 Schedule - ok
09:45:56.0381 1528 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:45:56.0382 1528 SCPolicySvc - ok
09:45:56.0581 1528 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:45:56.0614 1528 SDRSVC - ok
09:45:57.0046 1528 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
09:45:57.0080 1528 SeaPort - ok
09:45:57.0140 1528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:45:57.0174 1528 secdrv - ok
09:45:57.0232 1528 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:45:57.0235 1528 seclogon - ok
09:45:57.0251 1528 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
09:45:57.0254 1528 SENS - ok
09:45:57.0285 1528 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
09:45:57.0286 1528 Serenum - ok
09:45:57.0323 1528 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
09:45:57.0326 1528 Serial - ok
09:45:57.0355 1528 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:45:57.0356 1528 sermouse - ok
09:45:57.0407 1528 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:45:57.0412 1528 SessionEnv - ok
09:45:57.0444 1528 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:45:57.0585 1528 sffdisk - ok
09:45:57.0705 1528 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:45:57.0707 1528 sffp_mmc - ok
09:45:57.0727 1528 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:45:57.0729 1528 sffp_sd - ok
09:45:57.0753 1528 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
09:45:57.0754 1528 sfloppy - ok
09:45:57.0784 1528 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:45:57.0790 1528 SharedAccess - ok
09:45:57.0825 1528 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
09:45:57.0830 1528 ShellHWDetection - ok
09:45:57.0912 1528 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:45:57.0914 1528 sisagp - ok
09:45:57.0951 1528 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:45:57.0974 1528 SiSRaid2 - ok
09:45:58.0007 1528 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:45:58.0009 1528 SiSRaid4 - ok
09:45:58.0646 1528 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
09:45:58.0801 1528 slsvc - ok
09:45:58.0886 1528 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
09:45:58.0890 1528 SLUINotify - ok
09:45:58.0959 1528 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:45:58.0995 1528 Smb - ok
09:45:59.0126 1528 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:45:59.0162 1528 SNMPTRAP - ok
09:45:59.0218 1528 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:45:59.0219 1528 spldr - ok
09:45:59.0360 1528 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
09:45:59.0364 1528 Spooler - ok
09:45:59.0625 1528 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:45:59.0719 1528 srv - ok
09:45:59.0890 1528 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:45:59.0939 1528 srv2 - ok
09:46:00.0181 1528 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:46:00.0215 1528 srvnet - ok
09:46:00.0286 1528 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:46:00.0290 1528 SSDPSRV - ok
09:46:00.0393 1528 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:46:00.0397 1528 SstpSvc - ok
09:46:00.0587 1528 Steam Client Service - ok
09:46:00.0857 1528 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
09:46:00.0900 1528 stisvc - ok
09:46:00.0954 1528 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:46:00.0984 1528 swenum - ok
09:46:01.0055 1528 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
09:46:01.0092 1528 swprv - ok
09:46:01.0195 1528 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:46:01.0218 1528 Symc8xx - ok
09:46:01.0265 1528 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:46:01.0267 1528 Sym_hi - ok
09:46:01.0304 1528 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:46:01.0324 1528 Sym_u3 - ok
09:46:01.0599 1528 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
09:46:01.0639 1528 SysMain - ok
09:46:01.0769 1528 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:46:01.0805 1528 TabletInputService - ok
09:46:01.0943 1528 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
09:46:01.0977 1528 TapiSrv - ok
09:46:02.0122 1528 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:46:02.0126 1528 TBS - ok
09:46:02.0503 1528 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
09:46:02.0551 1528 Tcpip - ok
09:46:02.0575 1528 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
09:46:02.0582 1528 Tcpip6 - ok
09:46:02.0818 1528 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
09:46:02.0819 1528 tcpipreg - ok
09:46:02.0957 1528 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:46:02.0986 1528 TDPIPE - ok
09:46:03.0032 1528 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:46:03.0034 1528 TDTCP - ok
09:46:03.0097 1528 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:46:03.0098 1528 tdx - ok
09:46:03.0210 1528 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:46:03.0249 1528 TermDD - ok
09:46:03.0530 1528 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
09:46:03.0571 1528 TermService - ok
09:46:03.0629 1528 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
09:46:03.0634 1528 Themes - ok
09:46:03.0663 1528 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:46:03.0665 1528 THREADORDER - ok
09:46:04.0251 1528 TivoBeacon2 (75ea1a81c9bd03f2a768901ec9db2816) C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
09:46:04.0668 1528 TivoBeacon2 - ok
09:46:04.0716 1528 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:46:04.0752 1528 TrkWks - ok
09:46:04.0924 1528 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
09:46:04.0961 1528 TrustedInstaller - ok
09:46:05.0017 1528 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:46:05.0059 1528 tssecsrv - ok
09:46:05.0116 1528 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:46:05.0163 1528 tunmp - ok
09:46:05.0224 1528 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:46:05.0255 1528 tunnel - ok
09:46:05.0318 1528 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:46:05.0352 1528 uagp35 - ok
09:46:05.0414 1528 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:46:05.0450 1528 udfs - ok
09:46:05.0584 1528 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:46:05.0616 1528 UI0Detect - ok
09:46:05.0662 1528 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:46:05.0664 1528 uliagpkx - ok
09:46:05.0758 1528 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:46:05.0786 1528 uliahci - ok
09:46:05.0834 1528 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:46:05.0879 1528 UlSata - ok
09:46:05.0914 1528 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:46:05.0917 1528 ulsata2 - ok
09:46:05.0961 1528 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:46:05.0995 1528 umbus - ok
09:46:06.0126 1528 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:46:06.0132 1528 upnphost - ok
09:46:06.0236 1528 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
09:46:06.0255 1528 usbaudio - ok
09:46:06.0317 1528 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:46:06.0319 1528 usbccgp - ok
09:46:06.0360 1528 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:46:06.0381 1528 usbcir - ok
09:46:06.0440 1528 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:46:06.0441 1528 usbehci - ok
09:46:06.0583 1528 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:46:06.0623 1528 usbhub - ok
09:46:06.0661 1528 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:46:06.0662 1528 usbohci - ok
09:46:06.0785 1528 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:46:06.0816 1528 usbprint - ok
09:46:06.0866 1528 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:46:06.0867 1528 usbscan - ok
09:46:06.0890 1528 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:46:06.0892 1528 USBSTOR - ok
09:46:06.0984 1528 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:46:07.0019 1528 usbuhci - ok
09:46:07.0081 1528 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
09:46:07.0120 1528 UxSms - ok
09:46:07.0257 1528 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
09:46:07.0267 1528 vds - ok
09:46:07.0390 1528 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:46:07.0428 1528 vga - ok
09:46:07.0486 1528 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:46:07.0526 1528 VgaSave - ok
09:46:07.0576 1528 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:46:07.0578 1528 viaagp - ok
09:46:07.0617 1528 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:46:07.0618 1528 ViaC7 - ok
09:46:07.0642 1528 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:46:07.0644 1528 viaide - ok
09:46:07.0955 1528 VMAuthdService (16073f2bc424558ebd277a15188d329e) C:\Program Files\VMware\VMware Player\vmware-authd.exe
09:46:07.0981 1528 VMAuthdService - ok
09:46:08.0278 1528 vmci (15759158f7531853616b2b43af962fcb) C:\Windows\system32\DRIVERS\vmci.sys
09:46:08.0342 1528 vmci - ok
09:46:08.0443 1528 vmkbd (050b387296f34735d21dfa87cec37352) C:\Windows\system32\drivers\VMkbd.sys
09:46:08.0486 1528 vmkbd - ok
09:46:08.0567 1528 VMnetAdapter (1afa4af55cbea579a4bbe4f90967f720) C:\Windows\system32\DRIVERS\vmnetadapter.sys
09:46:08.0606 1528 VMnetAdapter - ok
09:46:08.0652 1528 VMnetBridge (392964a7bf46986fbd44b24a3bec2088) C:\Windows\system32\DRIVERS\vmnetbridge.sys
09:46:08.0653 1528 VMnetBridge - ok
09:46:08.0691 1528 VMnetDHCP (767b32d0466ef960e2657f028ed936fc) C:\Windows\system32\vmnetdhcp.exe
09:46:08.0700 1528 VMnetDHCP - ok
09:46:08.0723 1528 VMnetuserif (effcb341824be12e3134d4fb970a11e4) C:\Windows\system32\drivers\vmnetuserif.sys
09:46:08.0724 1528 VMnetuserif - ok
09:46:08.0765 1528 VMparport (ed1ce6bd51e2a1204c74720060744e90) C:\Windows\system32\Drivers\VMparport.sys
09:46:08.0767 1528 VMparport - ok
09:46:09.0281 1528 VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
09:46:09.0293 1528 VMUSBArbService - ok
09:46:09.0593 1528 VMware NAT Service (0b55659b537065303fde1b4aaf646f16) C:\Windows\system32\vmnat.exe
09:46:09.0635 1528 VMware NAT Service - ok
09:46:09.0784 1528 vmx86 (20b24d3b2dac84664eefeebf55b53008) C:\Windows\system32\Drivers\vmx86.sys
09:46:09.0828 1528 vmx86 - ok
09:46:10.0048 1528 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:46:10.0087 1528 volmgr - ok
09:46:10.0511 1528 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:46:10.0653 1528 volmgrx - ok
09:46:10.0814 1528 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:46:10.0851 1528 volsnap - ok
09:46:10.0907 1528 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:46:10.0910 1528 vsmraid - ok
09:46:11.0849 1528 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
09:46:11.0874 1528 VSS - ok
09:46:11.0948 1528 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
09:46:11.0954 1528 W32Time - ok
09:46:12.0139 1528 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:46:12.0182 1528 WacomPen - ok
09:46:12.0240 1528 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:46:12.0243 1528 Wanarp - ok
09:46:12.0247 1528 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:46:12.0248 1528 Wanarpv6 - ok
09:46:12.0514 1528 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
09:46:12.0524 1528 wcncsvc - ok
09:46:12.0580 1528 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:46:12.0616 1528 WcsPlugInService - ok
09:46:12.0654 1528 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:46:12.0656 1528 Wd - ok
09:46:12.0904 1528 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:46:12.0939 1528 Wdf01000 - ok
09:46:12.0995 1528 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:46:13.0001 1528 WdiServiceHost - ok
09:46:13.0005 1528 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:46:13.0009 1528 WdiSystemHost - ok
09:46:13.0200 1528 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
09:46:13.0207 1528 WebClient - ok
09:46:13.0360 1528 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
09:46:13.0422 1528 Wecsvc - ok
09:46:13.0536 1528 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:46:13.0574 1528 wercplsupport - ok
09:46:13.0636 1528 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
09:46:13.0669 1528 WerSvc - ok
09:46:14.0134 1528 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:46:14.0142 1528 WinDefend - ok
09:46:14.0150 1528 WinHttpAutoProxySvc - ok
09:46:14.0318 1528 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
09:46:14.0358 1528 Winmgmt - ok
09:46:14.0800 1528 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
09:46:14.0889 1528 WinRM - ok
09:46:15.0207 1528 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
09:46:15.0250 1528 Wlansvc - ok
09:46:16.0288 1528 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:46:16.0379 1528 wlidsvc - ok
09:46:16.0645 1528 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:46:16.0682 1528 WmiAcpi - ok
09:46:16.0863 1528 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
09:46:16.0868 1528 wmiApSrv - ok
09:46:17.0249 1528 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:46:17.0275 1528 WMPNetworkSvc - ok
09:46:17.0468 1528 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
09:46:17.0502 1528 WPCSvc - ok
09:46:17.0632 1528 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
09:46:17.0637 1528 WPDBusEnum - ok
09:46:17.0706 1528 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:46:17.0729 1528 WpdUsb - ok
09:46:18.0256 1528 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:46:18.0282 1528 WPFFontCache_v0400 - ok
09:46:18.0393 1528 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:46:18.0396 1528 ws2ifsl - ok
09:46:18.0550 1528 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
09:46:18.0618 1528 wscsvc - ok
09:46:18.0670 1528 WSearch - ok
09:46:19.0209 1528 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
09:46:19.0298 1528 wuauserv - ok
09:46:19.0370 1528 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:46:19.0401 1528 WUDFRd - ok
09:46:19.0459 1528 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
09:46:19.0494 1528 wudfsvc - ok
09:46:19.0540 1528 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
09:46:21.0391 1528 \Device\Harddisk0\DR0 - ok
09:46:21.0431 1528 Boot (0x1200) (428d36af032643fda962457ef87aeaf0) \Device\Harddisk0\DR0\Partition0
09:46:21.0486 1528 \Device\Harddisk0\DR0\Partition0 - ok
09:46:21.0487 1528 ============================================================
09:46:21.0487 1528 Scan finished
09:46:21.0487 1528 ============================================================
09:46:21.0498 1176 Detected object count: 0
09:46:21.0498 1176 Actual detected object count: 0




aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-20 09:54:34
-----------------------------
09:54:34.681 OS Version: Windows 6.0.6002 Service Pack 2
09:54:34.681 Number of processors: 2 586 0xF06
09:54:34.682 ComputerName: COREY-PC UserName: COREY
09:54:36.527 Initialize success
09:54:40.514 AVAST engine defs: 12042000
09:54:48.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:54:48.596 Disk 0 Vendor: WDC_WD4000KS-19MNB0 07.02E07 Size: 381554MB BusType: 3
09:54:48.610 Disk 0 MBR read successfully
09:54:48.613 Disk 0 MBR scan
09:54:48.618 Disk 0 unknown MBR code
09:54:48.627 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 381552 MB offset 2048
09:54:48.634 Disk 0 scanning sectors +781420544
09:54:48.951 Disk 0 scanning C:\Windows\system32\drivers
09:55:28.039 Service scanning
09:55:44.369 Service MpKsla9dc2042 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D2E8641-3023-4558-8AE9-F08A45C8CF76}\MpKsla9dc2042.sys **LOCKED** 32
09:55:44.399 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
09:56:00.165 Modules scanning
09:56:39.053 Disk 0 trace - called modules:
09:56:39.069
09:56:40.824 AVAST engine scan C:\Windows
09:57:28.002 AVAST engine scan C:\Windows\system32
10:03:51.415 AVAST engine scan C:\Windows\system32\drivers
10:04:10.455 AVAST engine scan C:\Users\COREY
10:20:47.771 AVAST engine scan C:\ProgramData
10:32:38.213 Scan finished successfully
10:36:25.855 Disk 0 MBR has been saved successfully to "C:\Users\COREY\Desktop\Sherri\MBR.dat"
10:36:25.863 The log file has been saved successfully to "C:\Users\COREY\Desktop\Sherri\aswMBR.txt"

#6 gringo_pr

Posted 20 April 2012 - 01:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files\Application Updater
c:\program files\YouTube Downloader Toolbar
c:\program files\Common Files\Spigot
c:\program files\Ask.com
c:\program files\Windows Searchqu Toolbar

DDS::
uStart Page = hxxp://www.searchnu.com/413

Firefox::
FF - ProfilePath - c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/413
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=413&sr=0&q=
FF - Ext: SearchquToolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - %profile%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

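The Firefox:: lines of the CFScript in the post above name the two preferences that had been pointed at the searchnu pages. As an added example (not part of the original post, and not ComboFix's own logic), this Python script audits a prefs.js for those two preferences; the function names, the allowlist and the sample file contents are assumptions, with the sample built from the defanged values quoted in the script.

```python
import json
import re
from urllib.parse import urlparse

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# The two preferences listed under Firefox:: in the CFScript.
WATCHED_PREFS = ("browser.startup.homepage", "keyword.URL")

# Assumption: the hosts this machine's owner expects to see. Adjust per machine.
EXPECTED_HOSTS = frozenset({"google.com"})

# Constructed sample. The URLs are copied in the defanged "hxxp" form used in
# the post; a live prefs.js would carry ordinary http:// values.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/413");
user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=413&sr=0&q=");
user_pref("browser.startup.page", 1);
user_pref("browser.search.defaultenginename", "Google");
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in the text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.group(1), match.group(2)
        try:
            # Pref values are JS literals (string, integer, true/false),
            # which the JSON parser also accepts.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than drop the pref
    return prefs


def url_host(url):
    """Return the network host of a pref URL, or None for built-in pages."""
    url = url.strip()
    if not url or url.lower().startswith(("about:", "chrome:", "resource:")):
        return None
    if "://" not in url:
        url = "http://" + url  # scheme-less homepage such as "www.example.org"
    return urlparse(url).hostname  # also parses the defanged hxxp:// form


def host_is_expected(host, expected_hosts):
    """True when host equals an expected host or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in expected_hosts)


def audit_prefs(text, expected_hosts=EXPECTED_HOSTS):
    """Return (pref, url, host) for watched prefs that point somewhere unexpected."""
    prefs = parse_prefs(text)
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # browser.startup.homepage may hold several URLs separated by "|".
        for url in value.split("|"):
            host = url_host(url)
            if host is not None and not host_is_expected(host, expected_hosts):
                findings.append((name, url.strip(), host))
    return findings


if __name__ == "__main__":
    for pref, url, host in audit_prefs(SAMPLE_PREFS):
        print(f"{pref}: unexpected host {host} ({url})")
```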

#7 Shadowz85

Posted 22 April 2012 - 10:15 PM

Okay. It was a little scary. Even though I know running these utilities can cause unexpected results, I really felt we were at a pretty stable spot. So I ran ComboFix as suggested shortly before my nephew was scheduled to meet with a group online. When I glanced at the log file it looked like it had done something with the browser, so after closing the log, I launched the browser. I got a message like "explore.exe (firefox.exe...) is scheduled to be removed and ..." and then it would run.
I ended up rebooting the computer and the browsers all came back.
So far things look okay. Can I reinstall the GoToManage software now?
Should I worry about the restore points?


ComboFix 12-04-20.03 - COREY 04/20/2012 21:43:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1062 [GMT -7:00]
Running from: c:\users\COREY\Downloads\ComboFix.exe
Command switches used :: c:\users\COREY\Desktop\Sherri\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\GC\coupons_1.0.crx
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\gamethumb-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-calendar.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-dollar.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-download.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-joystick24.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-news24.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-play.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\ico-tags.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-Add.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-download.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-Info.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-play.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\icon-shop.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\menul-bgon.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\menul-bgover.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-bg.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scroll-topwin.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-disable.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-down.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollb.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-disable.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-down.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\scrollt.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\star_x_grey.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\star_x_orange.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-detailed-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-detailed-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-thumb-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\view-thumb-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images\widgets.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\initHTML.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupGames.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupHTML.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupRSS.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\popupWidgets.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\scroll.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\pop.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css\manager.css
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css\slider.css
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\bg-pnl.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\btn-close-grey.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\collapsed_button.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\expanded_button.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-playstation.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\ico-radio.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\music-note.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-btn-play.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-off.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-design.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options-on.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-options.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-0.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-1.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-2.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-3.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\scrollbar-track.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\slider.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\slideron.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images\track.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\managerpanel.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\volumeslider.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-buffering.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-connecting.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-playing.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta-stopped.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radiobeta.ico
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\reload.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\remove.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rename.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\resize-box.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rss.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rsschannelback.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\RSSLogo.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\rsstabdivider.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\scroll-left.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\scroll-right.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\search-go.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\search.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\text-ellipsis.xml
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\throbber.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\toolbarsplitter.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\transparent_1px.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_02.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_03.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_04.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_06.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_07.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_08.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_09.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_10.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_11.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_12.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_13.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_14.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_15.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_16.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_18.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_19.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_20.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\border_21.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\btn-close-grey.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\btn-close-greyover.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\close-hot.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\close-normal.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\loadingMid.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\proxy.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\template.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\template.xml
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\templateFF.html
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa\throbber.gif
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons\na.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-12 10:17 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:17 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:15 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:15 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 04:55 . 2012-04-09 04:55 -------- d-----w- c:\programdata\boost_interprocess
2012-04-09 04:55 . 2012-02-15 21:51 360448 ----a-w- c:\windows\system32\TubeFinder.exe
2012-04-09 04:55 . 2011-09-28 16:18 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2012-04-09 04:55 . 2011-09-28 16:18 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2012-04-09 04:55 . 2011-09-28 16:18 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2012-04-09 04:55 . 2011-09-28 16:18 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-04-09 04:55 . 2011-09-28 16:18 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-09 04:55 . 2011-09-28 16:18 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-04-09 04:55 . 2012-04-09 05:12 -------- d-----w- c:\program files\Free FLV Converter
2012-04-09 04:55 . 2012-04-09 05:03 -------- d-----w- c:\users\COREY\AppData\Roaming\FreeFLVConverter
2012-04-09 04:55 . 2011-09-28 16:18 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-04-09 04:55 . 2011-09-28 16:18 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2012-04-09 04:28 . 2012-04-09 04:28 -------- d-----w- c:\users\COREY\AppData\Roaming\Replay Media Catcher 4
2012-04-09 04:28 . 2012-04-09 04:28 -------- d-----w- c:\programdata\Applian
2012-04-09 00:19 . 2012-04-09 00:25 -------- d-----w- c:\programdata\xml_param
2012-04-09 00:17 . 2012-04-09 00:17 -------- d-----w- c:\users\COREY\AppData\Roaming\Wondershare Video Converter Ultimate
2012-04-09 00:17 . 2012-04-09 00:17 -------- d-----w- c:\users\COREY\AppData\Local\Wondershare
2012-04-09 00:17 . 2012-04-09 00:17 -------- d-----w- c:\program files\Common Files\Wondershare
2012-04-09 00:16 . 2011-08-31 21:39 892928 ----a-w- c:\windows\system32\iconv.dll
2012-04-09 00:16 . 2011-08-31 21:39 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-04-09 00:16 . 2012-04-09 02:22 -------- d-----w- c:\program files\Wondershare
2012-04-08 11:17 . 2012-04-08 11:17 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
2012-04-08 11:17 . 2012-04-08 11:17 -------- d-----w- c:\program files\YTD YouTube Downloader & Converter
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-31 11:49 . 2012-03-31 11:49 -------- d-----w- c:\users\COREY\AppData\Local\SCE
2012-03-31 11:48 . 2012-03-31 11:48 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-03-30 22:10 . 2012-04-14 08:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-23 05:36 . 2012-03-23 05:35 196984 ----a-w- c:\windows\system32\g2ax_credential_provider_383.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 03:58 . 2012-04-21 03:58 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67A01F2D-EFAB-4541-A12F-9E24B090AFED}\MpKsl16ee7de9.sys
2012-04-14 08:39 . 2011-05-13 20:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2012-04-21 03:51 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67A01F2D-EFAB-4541-A12F-9E24B090AFED}\mpengine.dll
2012-04-13 07:36 . 2011-08-22 03:16 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 22:56 . 2010-12-12 02:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 15:11 . 2012-04-12 10:17 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 10:17 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-28 11:30 . 2012-04-12 05:48 916992 ----a-w- c:\windows\system32\wininet.dll
2012-02-18 22:59 . 2010-04-22 05:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-14 15:45 . 2012-03-14 06:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 06:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 06:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 06:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 06:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:51 . 2012-02-10 06:54 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C33F741B-6AA4-48C8-B28E-6C21363B5B52}\gapaengine.dll
2012-02-02 15:16 . 2012-03-14 06:15 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2009-10-03 02:40 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-17 171448]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2010-08-25 2264336]
"TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2010-08-25 608528]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2010-08-25 437520]
"TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-25 856336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2012-02-26 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"Creative Mouse Software"="c:\program files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 65536]
"Creative Keyboard Software"="c:\program files\Creative\Shared Files\CIDS\CTStray.exe" [2005-10-24 65536]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Live Update 5"="c:\program files\MSI\Live Update 5\LU5.exe" [2011-12-15 1935888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-03-23 05:35 608632 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 22:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:39]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352308663-582380511-1965928383-1002Core.job
- c:\users\COREY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 22:37]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352308663-582380511-1965928383-1002UA.job
- c:\users\COREY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 22:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\COREY\AppData\Roaming\Mozilla\Firefox\Profiles\plnplmne.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 21:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_comm_customer.exe
c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_system_customer.exe
c:\program files\Citrix\GoToAssist Express Customer\383\g2ax_user_customer.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2012-04-20 22:04:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-21 05:04
ComboFix2.txt 2012-04-20 15:27
.
Pre-Run: 196,640,198,656 bytes free
Post-Run: 196,764,360,704 bytes free
.
- - End Of File - - 253B8D9518C22A333725125AD55C415D

#8 gringo_pr

Posted 22 April 2012 - 10:45 PM

Greetings

Can I reinstall the GoToManage software now?
Should I worry about the restore points?

Yes, you can reinstall it now, and I will remove the restore points later.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

ALOT Toolbar
Ask Toolbar
Bing Bar
Java™ 6 Update 16
Java™ 6 Update 5
Java™ 6 Update 7
Windows Searchqu Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Shadowz85

Posted 23 April 2012 - 12:00 AM

I got as far as the CCleaner. I've used that before and I love it. On this computer I need to keep a couple of cookies for a game that my nephew plays. I didn't see a place to do that. Is there a place to add exceptions to CCleaner?

#10 gringo_pr


Posted 23 April 2012 - 12:09 AM

Hello


here you go - http://www.piriform.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keep

#11 Shadowz85


Posted 24 April 2012 - 11:31 PM

Thanks Gringo,
Sorry took so long to reply.
My nephew asked me to remove VMWare and a program called Steam, so if you notice anything, it was on purpose.
Here are the log files you asked for...
Things are behaving normally.

MBAM Log

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5298

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

12/11/2010 6:58:58 PM
mbam-log-2010-12-11 (18-58-58).txt

Scan type: Quick scan
Objects scanned: 139367
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GamevanceText.Linker.1 (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\GamevanceText.Linker (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Delete on reboot.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\gamevance\gvtl.dll (Adware.GameVance) -> Quarantined and deleted successfully.
c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gamevancelib32.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\program files\gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\COREY\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.


HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:26 PM, on 4/24/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\GoToAssist Express Customer\403\g2ax_user_customer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\COREY\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\SnippingTool.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Creative Mouse Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
O4 - HKLM\..\Run: [Creative Keyboard Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe /reminder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
O4 - HKCU\..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\403\g2ax_winlogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist Express Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express Customer\403\g2ax_service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

--
End of file - 7751 bytes

#12 gringo_pr


Posted 24 April 2012 - 11:35 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. For any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer
      O4 - HKCU\..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
      O4 - HKCU\..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
      O4 - HKCU\..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
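An added example, not part of any post in this thread: a small Python parser for the HijackThis log format shown above. It counts entries per section code, lists the O4 start-up entries that the optional clean-up step works from, and pulls out the O23 services that HijackThis itself marked `Unknown owner` or `(file missing)`. The function names and the shortened sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample: a shortened log in the same format as the one posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
--
End of file - 7751 bytes
"""

# Every finding line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$", re.M)
# O4 registry autorun:  HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\([^:]+): \[([^\]]+)\] (.*)$")
# O4 start-up folder shortcut:  Global Startup: name.lnk = target
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")


def parse_entries(text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY_RE.finditer(text)]


def section_counts(entries):
    counts = {}
    for code, _ in entries:
        counts[code] = counts.get(code, 0) + 1
    return counts


def autoruns(entries):
    """Split each O4 line into location, entry name and command."""
    out = []
    for code, body in entries:
        if code != "O4":
            continue
        m = RUN_RE.match(body)
        if m:
            out.append({"location": f"{m.group(1)}\\{m.group(2)}",
                        "name": m.group(3), "command": m.group(4)})
            continue
        m = STARTUP_RE.match(body)
        if m:
            out.append({"location": m.group(1), "name": m.group(2),
                        "command": m.group(3)})
        else:  # keep lines in a shape this example does not handle
            out.append({"location": "unparsed", "name": body, "command": ""})
    return out


def services(entries):
    """Split each O23 line into service name, owner and binary path."""
    out = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: the service name itself may contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        out.append({"name": name, "owner": owner,
                    "path": path.replace("(file missing)", "").strip(),
                    "file_missing": path.endswith("(file missing)"),
                    "unknown_owner": owner == "Unknown owner"})
    return out


def needs_review(text):
    """Services worth a manual look; a lead for review, not a verdict."""
    return [s for s in services(parse_entries(text))
            if s["unknown_owner"] or s["file_missing"]]


if __name__ == "__main__":
    print(section_counts(parse_entries(SAMPLE_LOG)))
    for item in autoruns(parse_entries(SAMPLE_LOG)):
        print(item["location"], "|", item["name"], "|", item["command"])
    for svc in needs_review(SAMPLE_LOG):
        print("review:", svc["name"], svc["path"], svc["file_missing"])
```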

#13 Shadowz85


Posted 27 April 2012 - 09:46 AM

Gringo,
Thanks for all your help. I had to return back home before I could do the last part of running the ESet Scan. I can access the computer remotely, but will have to wait until my nephew is off of it. It now seems to be performing perfectly. Interestingly, I did not reinstall the GotoAssist, but it showed back up again.
I will consider this case successfully closed. If I do get a chance to run that ESet scan in a timely manner and it catches something, I'll repost.

Thanks again!
Sherri

#14 gringo_pr


Posted 27 April 2012 - 12:23 PM

Hello Sherri

There are other things that need to be done if eset comes back clean - like remove our tools as they can be dangerous if someone finds them and decides to use them



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#15 Shadowz85


Posted 29 April 2012 - 11:27 AM

I ran the Eset online scanner, but I ran it without telling it to remove found viruses. Since I am no longer onsite, I can't take a chance that it will remove my remote control software. It did find something called "searchsuite" toolbar, which appears to be something under a searchqu folder.

Here is the log file. It looks like ESet is finding the files in quarantine... not actually an active infection. Can I continue with removing your software?

Eset log file

C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application



