Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

searchnu.com


  • This topic is locked This topic is locked
14 replies to this topic

#1 petow

petow

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 05 May 2012 - 09:52 AM

Hello,
I have recently been having a problem with http://www.searchnu.com/406?tag=newtab opening whenever I open a new tab. I have run malwarebytes and avast free antivirus and no infection have shown up. I don't know if its related but I have two 500gb hard drives that have both stopped working in the last two weeks. I have no idea what to do and any help would be greatly appreciated
Thanks,
Peter


MOD Edit: merging posts///
Hello Peter

Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in this topic,thanks.

I created the logs and attached them. Thanks for helping

Attached Files


Edited by boopme, 05 May 2012 - 02:30 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 05 May 2012 - 02:35 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 petow

petow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 06 May 2012 - 09:18 AM

Security Check

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 petow

petow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 06 May 2012 - 09:47 AM

I ran combofix and it told me avast was still running but i had stopped the process for it and disabled the avast services. When i open a new tab it still opens with searchnu. Here is the combofix log.

ComboFix 12-05-06.01 - petow 05/06/2012 10:32:42.1.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.3254 [GMT -4:00]
Running from: c:\users\petow\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\petow\AppData\Roaming\vso_ts_preview.xml
c:\users\petow\Documents\~WRL0001.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-03 06:58 . 2012-05-06 09:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AAD36E9-6D69-41E5-BD24-FD921DE86E0B}\offreg.dll
2012-05-01 08:37 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AAD36E9-6D69-41E5-BD24-FD921DE86E0B}\mpengine.dll
2012-04-28 03:36 . 2012-04-28 03:36 -------- d-----w- c:\programdata\boost_interprocess
2012-04-21 19:43 . 2012-04-21 19:43 -------- d-----w- c:\users\petow\AppData\Local\Ilivid Player
2012-04-21 19:43 . 2012-04-21 19:43 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2012-04-12 07:04 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-12 07:04 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 07:04 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 07:04 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 07:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-08-24 16:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 14:18 . 2010-03-04 01:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 08:03 . 2012-02-23 08:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-23 08:03 . 2012-02-23 08:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 08:03 . 2012-02-23 08:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 08:03 . 2012-02-23 08:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-23 08:03 . 2012-02-23 08:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-23 08:03 . 2012-02-23 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-23 08:03 . 2012-02-23 08:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-23 08:03 . 2012-02-23 08:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-23 08:03 . 2012-02-23 08:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-23 08:03 . 2012-02-23 08:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-23 08:03 . 2012-02-23 08:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-23 08:03 . 2012-02-23 08:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-23 08:03 . 2012-02-23 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-23 08:03 . 2012-02-23 08:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-23 08:03 . 2012-02-23 08:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-23 08:03 . 2012-02-23 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 08:03 . 2012-02-23 08:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 08:03 . 2012-02-23 08:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 08:03 . 2012-02-23 08:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 08:03 . 2012-02-23 08:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 08:03 . 2012-02-23 08:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 08:03 . 2012-02-23 08:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 08:03 . 2012-02-23 08:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 08:03 . 2012-02-23 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 08:03 . 2012-02-23 08:03 448512 ----a-w- c:\windows\system32\html.iec
2012-02-23 08:03 . 2012-02-23 08:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 08:03 . 2012-02-23 08:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 08:03 . 2012-02-23 08:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 08:03 . 2012-02-23 08:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 08:03 . 2012-02-23 08:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:03 . 2012-02-23 08:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 08:03 . 2012-02-23 08:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 08:03 . 2012-02-23 08:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:03 . 2012-02-23 08:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 08:01 . 2012-02-23 08:01 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-23 08:01 . 2012-02-23 08:01 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-23 08:01 . 2012-02-23 08:01 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-23 08:01 . 2012-02-23 08:01 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-23 08:01 . 2012-02-23 08:01 4068864 ----a-w- c:\windows\system32\mf.dll
2012-02-23 08:01 . 2012-02-23 08:01 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-02-23 08:01 . 2012-02-23 08:01 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-23 08:01 . 2012-02-23 08:01 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-23 08:01 . 2012-02-23 08:01 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-23 08:01 . 2012-02-23 08:01 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-23 08:01 . 2012-02-23 08:01 206848 ----a-w- c:\windows\system32\mfps.dll
2012-02-23 08:01 . 2012-02-23 08:01 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-02-23 08:01 . 2012-02-23 08:01 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-23 08:01 . 2012-02-23 08:01 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-23 08:01 . 2012-02-23 08:01 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-02-23 08:01 . 2012-02-23 08:01 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-02-23 08:01 . 2012-02-23 08:01 144384 ----a-w- c:\windows\system32\cdd.dll
2012-02-23 08:01 . 2012-02-23 08:01 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-02-23 08:01 . 2012-02-23 08:01 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-15 06:27 . 2012-03-14 11:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 11:34 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 11:34 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 11:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-05-25 03:06 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-12-06 03:06 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2011-05-25 02:49 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-02-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-02-03 03:23 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 19:54]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 19:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\petow\AppData\Roaming\Mozilla\Firefox\Profiles\d9h94kc4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-TurboTax 2010 - e:\turbotax\Home & Business 2010\Installer\TurboTax 2010 Installer.exe
AddRemove-VLC media player - e:\program files (x86)\VideoLAN\VLC\uninstall.exe
AddRemove-VLC Setup Helper_is1 - e:\program files (x86)\Hobbyist Software\VLC Setup Helper\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-06 10:41:50
ComboFix-quarantined-files.txt 2012-05-06 14:41
.
Pre-Run: 11,398,774,784 bytes free
Post-Run: 11,998,597,120 bytes free
.
- - End Of File - - 242962D5998F72F9121DC9AAAC7890DD

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 06 May 2012 - 12:34 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 petow

petow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 06 May 2012 - 05:02 PM

tdsskiller

16:50:54.0605 0796 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:50:55.0073 0796 ============================================================
16:50:55.0073 0796 Current date / time: 2012/05/06 16:50:55.0073
16:50:55.0073 0796 SystemInfo:
16:50:55.0073 0796
16:50:55.0073 0796 OS Version: 6.1.7600 ServicePack: 0.0
16:50:55.0073 0796 Product type: Workstation
16:50:55.0073 0796 ComputerName: PETOW-PC
16:50:55.0073 0796 UserName: petow
16:50:55.0073 0796 Windows directory: C:\Windows
16:50:55.0073 0796 System windows directory: C:\Windows
16:50:55.0073 0796 Running under WOW64
16:50:55.0073 0796 Processor architecture: Intel x64
16:50:55.0073 0796 Number of processors: 2
16:50:55.0073 0796 Page size: 0x1000
16:50:55.0073 0796 Boot type: Safe boot with network
16:50:55.0073 0796 ============================================================
16:50:55.0916 0796 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:02.0265 0796 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:02.0280 0796 ============================================================
16:51:02.0280 0796 \Device\Harddisk0\DR0:
16:51:02.0280 0796 MBR partitions:
16:51:02.0280 0796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7285D34
16:51:02.0280 0796 \Device\Harddisk1\DR1:
16:51:02.0280 0796 MBR partitions:
16:51:02.0280 0796 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
16:51:02.0280 0796 ============================================================
16:51:02.0312 0796 C: <-> \Device\Harddisk0\DR0\Partition0
16:51:02.0327 0796 D: <-> \Device\Harddisk1\DR1\Partition0
16:51:02.0327 0796 ============================================================
16:51:02.0327 0796 Initialize success
16:51:02.0327 0796 ============================================================
16:52:02.0418 1652 ============================================================
16:52:02.0418 1652 Scan started
16:52:02.0418 1652 Mode: Manual;
16:52:02.0418 1652 ============================================================
16:52:02.0855 1652 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:52:02.0855 1652 1394ohci - ok
16:52:02.0886 1652 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:52:02.0886 1652 ACPI - ok
16:52:02.0902 1652 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:52:02.0902 1652 AcpiPmi - ok
16:52:02.0933 1652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:52:02.0933 1652 adp94xx - ok
16:52:02.0980 1652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:52:02.0980 1652 adpahci - ok
16:52:03.0011 1652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:52:03.0011 1652 adpu320 - ok
16:52:03.0042 1652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:52:03.0042 1652 AeLookupSvc - ok
16:52:03.0089 1652 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
16:52:03.0089 1652 AFD - ok
16:52:03.0120 1652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:52:03.0120 1652 agp440 - ok
16:52:03.0152 1652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:52:03.0152 1652 ALG - ok
16:52:03.0167 1652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:52:03.0167 1652 aliide - ok
16:52:03.0214 1652 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
16:52:03.0214 1652 AMD External Events Utility - ok
16:52:03.0230 1652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:52:03.0230 1652 amdide - ok
16:52:03.0276 1652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:52:03.0276 1652 AmdK8 - ok
16:52:03.0604 1652 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:52:03.0635 1652 amdkmdag - ok
16:52:03.0776 1652 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
16:52:03.0776 1652 amdkmdap - ok
16:52:03.0791 1652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:52:03.0791 1652 AmdPPM - ok
16:52:03.0822 1652 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:52:03.0822 1652 amdsata - ok
16:52:03.0869 1652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:52:03.0869 1652 amdsbs - ok
16:52:03.0885 1652 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:52:03.0885 1652 amdxata - ok
16:52:03.0932 1652 androidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
16:52:03.0932 1652 androidusb - ok
16:52:03.0978 1652 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:52:03.0978 1652 AppID - ok
16:52:03.0994 1652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:52:03.0994 1652 AppIDSvc - ok
16:52:04.0025 1652 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
16:52:04.0025 1652 Appinfo - ok
16:52:04.0119 1652 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:52:04.0119 1652 Apple Mobile Device - ok
16:52:04.0150 1652 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:52:04.0150 1652 AppMgmt - ok
16:52:04.0181 1652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:52:04.0181 1652 arc - ok
16:52:04.0212 1652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:52:04.0212 1652 arcsas - ok
16:52:04.0244 1652 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
16:52:04.0244 1652 aswFsBlk - ok
16:52:04.0275 1652 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
16:52:04.0275 1652 aswMonFlt - ok
16:52:04.0306 1652 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
16:52:04.0306 1652 aswRdr - ok
16:52:04.0322 1652 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
16:52:04.0322 1652 aswSP - ok
16:52:04.0337 1652 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
16:52:04.0337 1652 aswTdi - ok
16:52:04.0368 1652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:04.0368 1652 AsyncMac - ok
16:52:04.0384 1652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:52:04.0384 1652 atapi - ok
16:52:04.0462 1652 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
16:52:04.0462 1652 AtiHDAudioService - ok
16:52:04.0493 1652 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
16:52:04.0493 1652 AtiHdmiService - ok
16:52:04.0805 1652 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:52:04.0852 1652 atikmdag - ok
16:52:04.0946 1652 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:52:04.0946 1652 AudioEndpointBuilder - ok
16:52:04.0946 1652 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:52:04.0946 1652 AudioSrv - ok
16:52:05.0070 1652 avast! Antivirus (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:52:05.0070 1652 avast! Antivirus - ok
16:52:05.0086 1652 avast! Mail Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:52:05.0086 1652 avast! Mail Scanner - ok
16:52:05.0102 1652 avast! Web Scanner (acb544d7254f366dfb48f380bc36cd25) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:52:05.0102 1652 avast! Web Scanner - ok
16:52:05.0133 1652 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
16:52:05.0133 1652 AxInstSV - ok
16:52:05.0195 1652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:52:05.0195 1652 b06bdrv - ok
16:52:05.0226 1652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:52:05.0242 1652 b57nd60a - ok
16:52:05.0273 1652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:52:05.0273 1652 BDESVC - ok
16:52:05.0320 1652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:52:05.0320 1652 Beep - ok
16:52:05.0367 1652 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
16:52:05.0367 1652 BFE - ok
16:52:05.0414 1652 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
16:52:05.0429 1652 BITS - ok
16:52:05.0476 1652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:52:05.0476 1652 blbdrive - ok
16:52:05.0585 1652 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:52:05.0601 1652 Bonjour Service - ok
16:52:05.0648 1652 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:52:05.0648 1652 bowser - ok
16:52:05.0663 1652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:52:05.0663 1652 BrFiltLo - ok
16:52:05.0679 1652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:52:05.0679 1652 BrFiltUp - ok
16:52:05.0694 1652 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:52:05.0694 1652 BridgeMP - ok
16:52:05.0726 1652 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
16:52:05.0726 1652 Browser - ok
16:52:05.0757 1652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:52:05.0757 1652 Brserid - ok
16:52:05.0772 1652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:52:05.0772 1652 BrSerWdm - ok
16:52:05.0804 1652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:52:05.0804 1652 BrUsbMdm - ok
16:52:05.0804 1652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:52:05.0804 1652 BrUsbSer - ok
16:52:05.0850 1652 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
16:52:05.0850 1652 BTCFilterService - ok
16:52:05.0882 1652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:52:05.0882 1652 BTHMODEM - ok
16:52:05.0897 1652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:52:05.0897 1652 bthserv - ok
16:52:05.0913 1652 catchme - ok
16:52:05.0944 1652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:52:05.0944 1652 cdfs - ok
16:52:05.0975 1652 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:52:05.0975 1652 cdrom - ok
16:52:06.0006 1652 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:52:06.0006 1652 CertPropSvc - ok
16:52:06.0100 1652 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
16:52:06.0100 1652 CinemaNow Service - ok
16:52:06.0131 1652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:52:06.0131 1652 circlass - ok
16:52:06.0162 1652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:52:06.0162 1652 CLFS - ok
16:52:06.0225 1652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:06.0225 1652 clr_optimization_v2.0.50727_32 - ok
16:52:06.0272 1652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:52:06.0287 1652 clr_optimization_v2.0.50727_64 - ok
16:52:06.0318 1652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:52:06.0318 1652 CmBatt - ok
16:52:06.0318 1652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:52:06.0318 1652 cmdide - ok
16:52:06.0365 1652 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
16:52:06.0365 1652 CNG - ok
16:52:06.0381 1652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:52:06.0381 1652 Compbatt - ok
16:52:06.0412 1652 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:52:06.0412 1652 CompositeBus - ok
16:52:06.0428 1652 COMSysApp - ok
16:52:06.0443 1652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:52:06.0443 1652 crcdisk - ok
16:52:06.0474 1652 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
16:52:06.0474 1652 CryptSvc - ok
16:52:06.0521 1652 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
16:52:06.0521 1652 CSC - ok
16:52:06.0537 1652 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
16:52:06.0552 1652 CscService - ok
16:52:06.0599 1652 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:52:06.0599 1652 DcomLaunch - ok
16:52:06.0646 1652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:52:06.0646 1652 defragsvc - ok
16:52:06.0708 1652 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:52:06.0708 1652 DfsC - ok
16:52:06.0771 1652 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
16:52:06.0771 1652 Dhcp - ok
16:52:06.0786 1652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:52:06.0786 1652 discache - ok
16:52:06.0818 1652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:52:06.0818 1652 Disk - ok
16:52:06.0849 1652 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
16:52:06.0849 1652 Dnscache - ok
16:52:06.0896 1652 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
16:52:06.0896 1652 dot3svc - ok
16:52:06.0958 1652 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:52:06.0958 1652 Dot4 - ok
16:52:06.0989 1652 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:52:06.0989 1652 Dot4Print - ok
16:52:07.0005 1652 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:52:07.0005 1652 dot4usb - ok
16:52:07.0020 1652 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
16:52:07.0020 1652 DPS - ok
16:52:07.0067 1652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:52:07.0067 1652 drmkaud - ok
16:52:07.0130 1652 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
16:52:07.0145 1652 DXGKrnl - ok
16:52:07.0161 1652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:52:07.0161 1652 EapHost - ok
16:52:07.0270 1652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:52:07.0270 1652 ebdrv - ok
16:52:07.0379 1652 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
16:52:07.0379 1652 EFS - ok
16:52:07.0426 1652 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
16:52:07.0426 1652 ehRecvr - ok
16:52:07.0442 1652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:52:07.0442 1652 ehSched - ok
16:52:07.0504 1652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:52:07.0504 1652 elxstor - ok
16:52:07.0520 1652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:52:07.0520 1652 ErrDev - ok
16:52:07.0566 1652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:52:07.0566 1652 EventSystem - ok
16:52:07.0582 1652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:52:07.0598 1652 exfat - ok
16:52:07.0613 1652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:52:07.0613 1652 fastfat - ok
16:52:07.0660 1652 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
16:52:07.0660 1652 Fax - ok
16:52:07.0691 1652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:52:07.0691 1652 fdc - ok
16:52:07.0722 1652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:52:07.0722 1652 fdPHost - ok
16:52:07.0738 1652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:52:07.0738 1652 FDResPub - ok
16:52:07.0738 1652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:52:07.0738 1652 FileInfo - ok
16:52:07.0754 1652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:52:07.0754 1652 Filetrace - ok
16:52:07.0769 1652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:52:07.0769 1652 flpydisk - ok
16:52:07.0800 1652 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:52:07.0800 1652 FltMgr - ok
16:52:07.0863 1652 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
16:52:07.0878 1652 FontCache - ok
16:52:07.0972 1652 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:52:07.0972 1652 FontCache3.0.0.0 - ok
16:52:08.0019 1652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:52:08.0019 1652 FsDepends - ok
16:52:08.0050 1652 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
16:52:08.0050 1652 Fs_Rec - ok
16:52:08.0112 1652 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:52:08.0112 1652 fvevol - ok
16:52:08.0128 1652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:52:08.0128 1652 gagp30kx - ok
16:52:08.0159 1652 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:52:08.0159 1652 GEARAspiWDM - ok
16:52:08.0190 1652 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
16:52:08.0190 1652 gpsvc - ok
16:52:08.0300 1652 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:52:08.0300 1652 gupdate - ok
16:52:08.0315 1652 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:52:08.0331 1652 gupdatem - ok
16:52:08.0378 1652 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
16:52:08.0378 1652 hcmon - ok
16:52:08.0471 1652 hcw18bda (eee3ce595373ba78e19a3039e5346ce4) C:\Windows\system32\drivers\hcw18bda.sys
16:52:08.0487 1652 hcw18bda - ok
16:52:08.0487 1652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:52:08.0487 1652 hcw85cir - ok
16:52:08.0534 1652 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:52:08.0534 1652 HdAudAddService - ok
16:52:08.0580 1652 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:52:08.0580 1652 HDAudBus - ok
16:52:08.0612 1652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:52:08.0612 1652 HidBatt - ok
16:52:08.0643 1652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:52:08.0643 1652 HidBth - ok
16:52:08.0674 1652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:52:08.0674 1652 HidIr - ok
16:52:08.0721 1652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:52:08.0721 1652 hidserv - ok
16:52:08.0752 1652 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:52:08.0752 1652 HidUsb - ok
16:52:08.0768 1652 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
16:52:08.0768 1652 hkmsvc - ok
16:52:08.0799 1652 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
16:52:08.0799 1652 HomeGroupListener - ok
16:52:08.0814 1652 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
16:52:08.0814 1652 HomeGroupProvider - ok
16:52:08.0830 1652 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:52:08.0830 1652 HpSAMD - ok
16:52:08.0877 1652 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:52:08.0892 1652 HTTP - ok
16:52:08.0908 1652 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:52:08.0908 1652 hwpolicy - ok
16:52:08.0924 1652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:52:08.0939 1652 i8042prt - ok
16:52:08.0986 1652 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
16:52:08.0986 1652 iaStorV - ok
16:52:09.0080 1652 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:52:09.0080 1652 idsvc - ok
16:52:09.0095 1652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:52:09.0095 1652 iirsp - ok
16:52:09.0142 1652 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
16:52:09.0142 1652 IKEEXT - ok
16:52:09.0158 1652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
16:52:09.0158 1652 intelide - ok
16:52:09.0189 1652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:52:09.0189 1652 intelppm - ok
16:52:09.0298 1652 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
16:52:09.0298 1652 IntuitUpdateService - ok
16:52:09.0329 1652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:52:09.0329 1652 IPBusEnum - ok
16:52:09.0360 1652 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:52:09.0360 1652 IpFilterDriver - ok
16:52:09.0376 1652 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
16:52:09.0392 1652 iphlpsvc - ok
16:52:09.0407 1652 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:52:09.0407 1652 IPMIDRV - ok
16:52:09.0423 1652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:52:09.0423 1652 IPNAT - ok
16:52:09.0516 1652 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
16:52:09.0516 1652 iPod Service - ok
16:52:09.0548 1652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:52:09.0548 1652 IRENUM - ok
16:52:09.0563 1652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
16:52:09.0563 1652 isapnp - ok
16:52:09.0594 1652 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
16:52:09.0594 1652 iScsiPrt - ok
16:52:09.0610 1652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:52:09.0610 1652 kbdclass - ok
16:52:09.0641 1652 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
16:52:09.0641 1652 kbdhid - ok
16:52:09.0672 1652 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
16:52:09.0672 1652 KeyIso - ok
16:52:09.0719 1652 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
16:52:09.0719 1652 KSecDD - ok
16:52:09.0750 1652 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
16:52:09.0750 1652 KSecPkg - ok
16:52:09.0782 1652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:52:09.0782 1652 ksthunk - ok
16:52:09.0828 1652 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:52:09.0828 1652 KtmRm - ok
16:52:09.0860 1652 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
16:52:09.0860 1652 L1E - ok
16:52:09.0906 1652 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
16:52:09.0906 1652 LanmanServer - ok
16:52:09.0938 1652 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
16:52:09.0938 1652 LanmanWorkstation - ok
16:52:10.0062 1652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:52:10.0062 1652 lltdio - ok
16:52:10.0172 1652 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:52:10.0172 1652 lltdsvc - ok
16:52:10.0187 1652 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:52:10.0187 1652 lmhosts - ok
16:52:10.0218 1652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:52:10.0218 1652 LSI_FC - ok
16:52:10.0234 1652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:52:10.0234 1652 LSI_SAS - ok
16:52:10.0250 1652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:52:10.0250 1652 LSI_SAS2 - ok
16:52:10.0265 1652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:52:10.0265 1652 LSI_SCSI - ok
16:52:10.0296 1652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:52:10.0296 1652 luafv - ok
16:52:10.0312 1652 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
16:52:10.0312 1652 Mcx2Svc - ok
16:52:10.0328 1652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:52:10.0328 1652 megasas - ok
16:52:10.0359 1652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:52:10.0359 1652 MegaSR - ok
16:52:10.0484 1652 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:52:10.0484 1652 Microsoft Office Groove Audit Service - ok
16:52:10.0530 1652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:52:10.0530 1652 MMCSS - ok
16:52:10.0546 1652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:52:10.0546 1652 Modem - ok
16:52:10.0577 1652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:52:10.0577 1652 monitor - ok
16:52:10.0624 1652 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\Windows\system32\DRIVERS\motccgp.sys
16:52:10.0624 1652 motccgp - ok
16:52:10.0655 1652 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
16:52:10.0655 1652 motccgpfl - ok
16:52:10.0671 1652 MotDev (3cc500c9b0e4d476802d277353cb2c89) C:\Windows\system32\DRIVERS\motodrv.sys
16:52:10.0671 1652 MotDev - ok
16:52:10.0733 1652 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
16:52:10.0733 1652 motmodem - ok
16:52:10.0764 1652 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
16:52:10.0764 1652 MotoSwitchService - ok
16:52:10.0796 1652 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
16:52:10.0811 1652 Motousbnet - ok
16:52:10.0842 1652 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
16:52:10.0842 1652 motusbdevice - ok
16:52:10.0889 1652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:52:10.0889 1652 mouclass - ok
16:52:10.0952 1652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:52:10.0952 1652 mouhid - ok
16:52:10.0983 1652 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:52:10.0983 1652 mountmgr - ok
16:52:10.0998 1652 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
16:52:10.0998 1652 mpio - ok
16:52:11.0014 1652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:52:11.0014 1652 mpsdrv - ok
16:52:11.0061 1652 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
16:52:11.0061 1652 MpsSvc - ok
16:52:11.0076 1652 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:52:11.0076 1652 MRxDAV - ok
16:52:11.0123 1652 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:52:11.0123 1652 mrxsmb - ok
16:52:11.0154 1652 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:52:11.0154 1652 mrxsmb10 - ok
16:52:11.0170 1652 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:52:11.0170 1652 mrxsmb20 - ok
16:52:11.0201 1652 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
16:52:11.0201 1652 msahci - ok
16:52:11.0217 1652 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
16:52:11.0217 1652 msdsm - ok
16:52:11.0248 1652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:52:11.0248 1652 MSDTC - ok
16:52:11.0264 1652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:52:11.0264 1652 Msfs - ok
16:52:11.0264 1652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:52:11.0264 1652 mshidkmdf - ok
16:52:11.0295 1652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
16:52:11.0295 1652 msisadrv - ok
16:52:11.0326 1652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:52:11.0326 1652 MSiSCSI - ok
16:52:11.0326 1652 msiserver - ok
16:52:11.0357 1652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:52:11.0357 1652 MSKSSRV - ok
16:52:11.0388 1652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:52:11.0388 1652 MSPCLOCK - ok
16:52:11.0404 1652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:52:11.0404 1652 MSPQM - ok
16:52:11.0435 1652 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:52:11.0435 1652 MsRPC - ok
16:52:11.0435 1652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:52:11.0435 1652 mssmbios - ok
16:52:11.0466 1652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:52:11.0466 1652 MSTEE - ok
16:52:11.0482 1652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:52:11.0482 1652 MTConfig - ok
16:52:11.0529 1652 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
16:52:11.0529 1652 MTsensor - ok
16:52:11.0560 1652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:52:11.0560 1652 Mup - ok
16:52:11.0607 1652 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
16:52:11.0607 1652 napagent - ok
16:52:11.0654 1652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:52:11.0654 1652 NativeWifiP - ok
16:52:11.0810 1652 NBService (b498a14133bd09ad0817590ace4470ad) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
16:52:11.0810 1652 NBService - ok
16:52:11.0872 1652 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:52:11.0888 1652 NDIS - ok
16:52:11.0903 1652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:52:11.0903 1652 NdisCap - ok
16:52:11.0934 1652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:52:11.0934 1652 NdisTapi - ok
16:52:11.0950 1652 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:52:11.0950 1652 Ndisuio - ok
16:52:11.0966 1652 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:52:11.0966 1652 NdisWan - ok
16:52:11.0981 1652 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:52:11.0981 1652 NDProxy - ok
16:52:12.0028 1652 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
16:52:12.0028 1652 Net Driver HPZ12 - ok
16:52:12.0059 1652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:52:12.0059 1652 NetBIOS - ok
16:52:12.0090 1652 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:52:12.0090 1652 NetBT - ok
16:52:12.0122 1652 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
16:52:12.0122 1652 Netlogon - ok
16:52:12.0168 1652 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:52:12.0168 1652 Netman - ok
16:52:12.0184 1652 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:52:12.0184 1652 netprofm - ok
16:52:12.0278 1652 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:52:12.0278 1652 NetTcpPortSharing - ok
16:52:12.0309 1652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:52:12.0309 1652 nfrd960 - ok
16:52:12.0340 1652 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
16:52:12.0340 1652 NlaSvc - ok
16:52:12.0465 1652 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
16:52:12.0465 1652 NMIndexingService - ok
16:52:12.0480 1652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:52:12.0480 1652 Npfs - ok
16:52:12.0496 1652 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:52:12.0496 1652 nsi - ok
16:52:12.0512 1652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:52:12.0512 1652 nsiproxy - ok
16:52:12.0590 1652 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:52:12.0590 1652 Ntfs - ok
16:52:12.0683 1652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:52:12.0683 1652 Null - ok
16:52:12.0730 1652 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
16:52:12.0730 1652 nvraid - ok
16:52:12.0730 1652 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
16:52:12.0730 1652 nvstor - ok
16:52:12.0730 1652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
16:52:12.0730 1652 nv_agp - ok
16:52:12.0855 1652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:52:12.0855 1652 odserv - ok
16:52:12.0886 1652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
16:52:12.0886 1652 ohci1394 - ok
16:52:12.0948 1652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:52:12.0948 1652 ose - ok
16:52:12.0995 1652 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:52:12.0995 1652 p2pimsvc - ok
16:52:13.0026 1652 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:52:13.0026 1652 p2psvc - ok
16:52:13.0058 1652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:52:13.0058 1652 Parport - ok
16:52:13.0073 1652 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:52:13.0073 1652 partmgr - ok
16:52:13.0104 1652 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:52:13.0104 1652 PcaSvc - ok
16:52:13.0136 1652 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
16:52:13.0136 1652 pci - ok
16:52:13.0151 1652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
16:52:13.0151 1652 pciide - ok
16:52:13.0167 1652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:52:13.0167 1652 pcmcia - ok
16:52:13.0198 1652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:52:13.0198 1652 pcw - ok
16:52:13.0214 1652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:52:13.0214 1652 PEAUTH - ok
16:52:13.0276 1652 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:52:13.0292 1652 PeerDistSvc - ok
16:52:13.0338 1652 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:52:13.0338 1652 PerfHost - ok
16:52:13.0448 1652 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
16:52:13.0463 1652 pla - ok
16:52:13.0510 1652 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
16:52:13.0526 1652 PlugPlay - ok
16:52:13.0572 1652 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
16:52:13.0572 1652 Pml Driver HPZ12 - ok
16:52:13.0588 1652 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:52:13.0588 1652 PNRPAutoReg - ok
16:52:13.0619 1652 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:52:13.0619 1652 PNRPsvc - ok
16:52:13.0650 1652 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
16:52:13.0666 1652 PolicyAgent - ok
16:52:13.0697 1652 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:52:13.0697 1652 Power - ok
16:52:13.0744 1652 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:52:13.0744 1652 PptpMiniport - ok
16:52:13.0775 1652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:52:13.0775 1652 Processor - ok
16:52:13.0806 1652 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
16:52:13.0806 1652 ProfSvc - ok
16:52:13.0853 1652 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
16:52:13.0853 1652 ProtectedStorage - ok
16:52:13.0884 1652 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:52:13.0884 1652 Psched - ok
16:52:13.0947 1652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:52:13.0947 1652 ql2300 - ok
16:52:14.0056 1652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:52:14.0056 1652 ql40xx - ok
16:52:14.0087 1652 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:52:14.0087 1652 QWAVE - ok
16:52:14.0087 1652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:52:14.0087 1652 QWAVEdrv - ok
16:52:14.0103 1652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:52:14.0103 1652 RasAcd - ok
16:52:14.0134 1652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:52:14.0134 1652 RasAgileVpn - ok
16:52:14.0150 1652 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:52:14.0150 1652 RasAuto - ok
16:52:14.0181 1652 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:52:14.0181 1652 Rasl2tp - ok
16:52:14.0212 1652 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
16:52:14.0212 1652 RasMan - ok
16:52:14.0259 1652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:52:14.0259 1652 RasPppoe - ok
16:52:14.0274 1652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:52:14.0274 1652 RasSstp - ok
16:52:14.0290 1652 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:52:14.0290 1652 rdbss - ok
16:52:14.0290 1652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:52:14.0306 1652 rdpbus - ok
16:52:14.0306 1652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:52:14.0306 1652 RDPCDD - ok
16:52:14.0337 1652 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
16:52:14.0337 1652 RDPDR - ok
16:52:14.0352 1652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:52:14.0352 1652 RDPENCDD - ok
16:52:14.0368 1652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:52:14.0368 1652 RDPREFMP - ok
16:52:14.0430 1652 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
16:52:14.0430 1652 RDPWD - ok
16:52:14.0446 1652 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:52:14.0446 1652 rdyboost - ok
16:52:14.0462 1652 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:52:14.0462 1652 RemoteAccess - ok
16:52:14.0493 1652 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:52:14.0493 1652 RemoteRegistry - ok
16:52:14.0524 1652 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:52:14.0524 1652 RpcEptMapper - ok
16:52:14.0540 1652 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:52:14.0540 1652 RpcLocator - ok
16:52:14.0571 1652 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:52:14.0571 1652 RpcSs - ok
16:52:14.0586 1652 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:52:14.0602 1652 rspndr - ok
16:52:14.0602 1652 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
16:52:14.0602 1652 s3cap - ok
16:52:14.0664 1652 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
16:52:14.0664 1652 SamSs - ok
16:52:14.0680 1652 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:52:14.0680 1652 sbp2port - ok
16:52:14.0711 1652 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:52:14.0711 1652 SCardSvr - ok
16:52:14.0742 1652 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:52:14.0742 1652 scfilter - ok
16:52:14.0805 1652 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
16:52:14.0805 1652 Schedule - ok
16:52:14.0836 1652 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:52:14.0836 1652 SCPolicySvc - ok
16:52:14.0867 1652 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
16:52:14.0867 1652 SDRSVC - ok
16:52:14.0930 1652 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:52:14.0930 1652 secdrv - ok
16:52:14.0961 1652 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
16:52:14.0961 1652 seclogon - ok
16:52:14.0961 1652 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:52:14.0961 1652 SENS - ok
16:52:14.0976 1652 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:52:14.0976 1652 SensrSvc - ok
16:52:14.0992 1652 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:52:14.0992 1652 Serenum - ok
16:52:15.0023 1652 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:52:15.0023 1652 Serial - ok
16:52:15.0054 1652 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:52:15.0054 1652 sermouse - ok
16:52:15.0086 1652 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
16:52:15.0086 1652 SessionEnv - ok
16:52:15.0101 1652 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:52:15.0101 1652 sffdisk - ok
16:52:15.0117 1652 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:52:15.0117 1652 sffp_mmc - ok
16:52:15.0117 1652 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:52:15.0117 1652 sffp_sd - ok
16:52:15.0132 1652 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:52:15.0132 1652 sfloppy - ok
16:52:15.0179 1652 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:52:15.0179 1652 SharedAccess - ok
16:52:15.0210 1652 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
16:52:15.0226 1652 ShellHWDetection - ok
16:52:15.0242 1652 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:52:15.0242 1652 SiSRaid2 - ok
16:52:15.0257 1652 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:52:15.0257 1652 SiSRaid4 - ok
16:52:15.0288 1652 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:52:15.0288 1652 Smb - ok
16:52:15.0320 1652 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:52:15.0320 1652 SNMPTRAP - ok
16:52:15.0351 1652 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:52:15.0351 1652 spldr - ok
16:52:15.0398 1652 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
16:52:15.0398 1652 Spooler - ok
16:52:15.0522 1652 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
16:52:15.0538 1652 sppsvc - ok
16:52:15.0647 1652 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:52:15.0647 1652 sppuinotify - ok
16:52:15.0710 1652 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
16:52:15.0725 1652 sptd - ok
16:52:15.0756 1652 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:52:15.0772 1652 srv - ok
16:52:15.0788 1652 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:52:15.0788 1652 srv2 - ok
16:52:15.0803 1652 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:52:15.0803 1652 srvnet - ok
16:52:15.0850 1652 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:52:15.0850 1652 SSDPSRV - ok
16:52:15.0850 1652 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:52:15.0866 1652 SstpSvc - ok
16:52:15.0881 1652 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:52:15.0881 1652 stexstor - ok
16:52:15.0928 1652 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:52:15.0928 1652 StillCam - ok
16:52:15.0959 1652 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
16:52:15.0975 1652 stisvc - ok
16:52:16.0006 1652 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:52:16.0006 1652 storflt - ok
16:52:16.0022 1652 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
16:52:16.0037 1652 StorSvc - ok
16:52:16.0053 1652 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
16:52:16.0053 1652 storvsc - ok
16:52:16.0068 1652 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:52:16.0068 1652 swenum - ok
16:52:16.0084 1652 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:52:16.0084 1652 swprv - ok
16:52:16.0162 1652 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
16:52:16.0178 1652 SysMain - ok
16:52:16.0256 1652 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
16:52:16.0256 1652 TabletInputService - ok
16:52:16.0287 1652 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
16:52:16.0287 1652 TapiSrv - ok
16:52:16.0302 1652 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:52:16.0302 1652 TBS - ok
16:52:16.0427 1652 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
16:52:16.0427 1652 Tcpip - ok
16:52:16.0599 1652 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
16:52:16.0599 1652 TCPIP6 - ok
16:52:16.0708 1652 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:52:16.0708 1652 tcpipreg - ok
16:52:16.0724 1652 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:52:16.0724 1652 TDPIPE - ok
16:52:16.0755 1652 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
16:52:16.0755 1652 TDTCP - ok
16:52:16.0786 1652 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:52:16.0786 1652 tdx - ok
16:52:16.0802 1652 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:52:16.0802 1652 TermDD - ok
16:52:16.0833 1652 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
16:52:16.0833 1652 TermService - ok
16:52:16.0848 1652 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:52:16.0848 1652 Themes - ok
16:52:16.0880 1652 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:52:16.0880 1652 THREADORDER - ok
16:52:16.0911 1652 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:52:16.0911 1652 TrkWks - ok
16:52:16.0958 1652 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
16:52:16.0958 1652 TrustedInstaller - ok
16:52:16.0958 1652 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:52:16.0958 1652 tssecsrv - ok
16:52:16.0989 1652 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:52:16.0989 1652 tunnel - ok
16:52:17.0004 1652 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:52:17.0004 1652 uagp35 - ok
16:52:17.0036 1652 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:52:17.0036 1652 udfs - ok
16:52:17.0145 1652 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
16:52:17.0145 1652 ufad-ws60 - ok
16:52:17.0176 1652 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:52:17.0176 1652 UI0Detect - ok
16:52:17.0192 1652 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:52:17.0192 1652 uliagpkx - ok
16:52:17.0207 1652 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:52:17.0207 1652 umbus - ok
16:52:17.0223 1652 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:52:17.0223 1652 UmPass - ok
16:52:17.0238 1652 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
16:52:17.0238 1652 UmRdpService - ok
16:52:17.0270 1652 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:52:17.0270 1652 upnphost - ok
16:52:17.0285 1652 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
16:52:17.0285 1652 USBAAPL64 - ok
16:52:17.0332 1652 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
16:52:17.0332 1652 usbaudio - ok
16:52:17.0348 1652 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:52:17.0348 1652 usbccgp - ok
16:52:17.0363 1652 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:52:17.0363 1652 usbcir - ok
16:52:17.0379 1652 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
16:52:17.0379 1652 usbehci - ok
16:52:17.0410 1652 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:52:17.0410 1652 usbhub - ok
16:52:17.0426 1652 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:52:17.0426 1652 usbohci - ok
16:52:17.0457 1652 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:52:17.0457 1652 usbprint - ok
16:52:17.0488 1652 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:52:17.0488 1652 usbscan - ok
16:52:17.0504 1652 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:52:17.0504 1652 USBSTOR - ok
16:52:17.0519 1652 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:52:17.0519 1652 usbuhci - ok
16:52:17.0535 1652 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:52:17.0550 1652 UxSms - ok
16:52:17.0582 1652 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
16:52:17.0582 1652 VaultSvc - ok
16:52:17.0597 1652 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:52:17.0597 1652 vdrvroot - ok
16:52:17.0644 1652 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
16:52:17.0644 1652 vds - ok
16:52:17.0675 1652 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:52:17.0675 1652 vga - ok
16:52:17.0691 1652 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:52:17.0691 1652 VgaSave - ok
16:52:17.0706 1652 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:52:17.0706 1652 vhdmp - ok
16:52:17.0722 1652 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:52:17.0722 1652 viaide - ok
16:52:17.0831 1652 VMAuthdService (11dcd7a2a0b1f8532b80f5aa98f9903e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:52:17.0831 1652 VMAuthdService - ok
16:52:17.0862 1652 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
16:52:17.0862 1652 vmbus - ok
16:52:17.0862 1652 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:52:17.0862 1652 VMBusHID - ok
16:52:17.0909 1652 vmci (4c8a14dbd410b510a88f77cb645f2c2a) C:\Windows\system32\drivers\vmci.sys
16:52:17.0909 1652 vmci - ok
16:52:17.0956 1652 vmkbd2 (ffc30caeeb2fc5fee8568cff74edeaed) C:\Windows\system32\drivers\VMkbd.sys
16:52:17.0956 1652 vmkbd2 - ok
16:52:18.0003 1652 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:52:18.0003 1652 VMnetAdapter - ok
16:52:18.0034 1652 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:52:18.0034 1652 VMnetBridge - ok
16:52:18.0034 1652 VMnetDHCP - ok
16:52:18.0034 1652 VMnetuserif (d0b809f6a9fb437c2b880c3ca8c10780) C:\Windows\system32\drivers\vmnetuserif.sys
16:52:18.0034 1652 VMnetuserif - ok
16:52:18.0112 1652 VMUSBArbService (19368f7c4dc6ef444b826249fc8a0e30) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
16:52:18.0112 1652 VMUSBArbService - ok
16:52:18.0128 1652 VMware NAT Service - ok
16:52:18.0174 1652 vmx86 (541a6d6536710fd0602ec3aa24a81756) C:\Windows\system32\drivers\vmx86.sys
16:52:18.0174 1652 vmx86 - ok
16:52:18.0206 1652 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:52:18.0206 1652 volmgr - ok
16:52:18.0221 1652 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:52:18.0221 1652 volmgrx - ok
16:52:18.0252 1652 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:52:18.0252 1652 volsnap - ok
16:52:18.0268 1652 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:52:18.0268 1652 vsmraid - ok
16:52:18.0330 1652 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
16:52:18.0346 1652 VSS - ok
16:52:18.0455 1652 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
16:52:18.0455 1652 vstor2-ws60 - ok
16:52:18.0549 1652 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:52:18.0549 1652 vwifibus - ok
16:52:18.0580 1652 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:52:18.0596 1652 W32Time - ok
16:52:18.0611 1652 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:52:18.0611 1652 WacomPen - ok
16:52:18.0642 1652 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:18.0642 1652 WANARP - ok
16:52:18.0642 1652 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:18.0642 1652 Wanarpv6 - ok
16:52:18.0720 1652 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:52:18.0736 1652 WatAdminSvc - ok
16:52:18.0830 1652 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
16:52:18.0830 1652 wbengine - ok
16:52:18.0939 1652 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:52:18.0939 1652 WbioSrvc - ok
16:52:18.0954 1652 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
16:52:18.0954 1652 wcncsvc - ok
16:52:18.0970 1652 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:52:18.0970 1652 WcsPlugInService - ok
16:52:19.0017 1652 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:52:19.0017 1652 Wd - ok
16:52:19.0048 1652 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:52:19.0048 1652 Wdf01000 - ok
16:52:19.0064 1652 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:52:19.0064 1652 WdiServiceHost - ok
16:52:19.0064 1652 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:52:19.0064 1652 WdiSystemHost - ok
16:52:19.0095 1652 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
16:52:19.0095 1652 WebClient - ok
16:52:19.0110 1652 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:52:19.0110 1652 Wecsvc - ok
16:52:19.0126 1652 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:52:19.0126 1652 wercplsupport - ok
16:52:19.0157 1652 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:52:19.0157 1652 WerSvc - ok
16:52:19.0188 1652 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:52:19.0188 1652 WfpLwf - ok
16:52:19.0220 1652 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:52:19.0220 1652 WIMMount - ok
16:52:19.0251 1652 WinDefend - ok
16:52:19.0251 1652 WinHttpAutoProxySvc - ok
16:52:19.0298 1652 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:52:19.0298 1652 Winmgmt - ok
16:52:19.0376 1652 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
16:52:19.0391 1652 WinRM - ok
16:52:19.0500 1652 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:52:19.0500 1652 WinUsb - ok
16:52:19.0563 1652 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:52:19.0563 1652 Wlansvc - ok
16:52:19.0734 1652 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:52:19.0734 1652 wlidsvc - ok
16:52:19.0844 1652 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:52:19.0844 1652 WmiAcpi - ok
16:52:19.0890 1652 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:52:19.0890 1652 wmiApSrv - ok
16:52:19.0937 1652 WMPNetworkSvc - ok
16:52:19.0968 1652 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:52:19.0968 1652 WPCSvc - ok
16:52:19.0984 1652 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
16:52:19.0984 1652 WPDBusEnum - ok
16:52:20.0000 1652 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:52:20.0000 1652 ws2ifsl - ok
16:52:20.0031 1652 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:52:20.0031 1652 wscsvc - ok
16:52:20.0062 1652 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:52:20.0062 1652 WSDPrintDevice - ok
16:52:20.0062 1652 WSearch - ok
16:52:20.0140 1652 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
16:52:20.0156 1652 wuauserv - ok
16:52:20.0280 1652 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:52:20.0280 1652 WudfPf - ok
16:52:20.0296 1652 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:20.0296 1652 WUDFRd - ok
16:52:20.0327 1652 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
16:52:20.0327 1652 wudfsvc - ok
16:52:20.0343 1652 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:52:20.0358 1652 WwanSvc - ok
16:52:20.0483 1652 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
16:52:20.0483 1652 xnacc - ok
16:52:20.0514 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:52:20.0530 1652 \Device\Harddisk0\DR0 - ok
16:52:20.0546 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:52:20.0546 1652 \Device\Harddisk1\DR1 - ok
16:52:20.0546 1652 Boot (0x1200) (91da301e3d7a4c2018aae6083f84e7be) \Device\Harddisk0\DR0\Partition0
16:52:20.0546 1652 \Device\Harddisk0\DR0\Partition0 - ok
16:52:20.0561 1652 Boot (0x1200) (553c395b6e30479b971da8fe80267c7f) \Device\Harddisk1\DR1\Partition0
16:52:20.0561 1652 \Device\Harddisk1\DR1\Partition0 - ok
16:52:20.0561 1652 ============================================================
16:52:20.0561 1652 Scan finished
16:52:20.0561 1652 ============================================================
16:52:20.0561 0980 Detected object count: 0
16:52:20.0561 0980 Actual detected object count: 0

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-06 16:55:39
-----------------------------
16:55:39.368 OS Version: Windows x64 6.1.7600
16:55:39.368 Number of processors: 2 586 0x170A
16:55:39.368 ComputerName: PETOW-PC UserName: petow
16:55:39.820 Initialize success
16:55:40.897 AVAST engine defs: 12050201
16:56:01.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:56:01.863 Disk 0 Vendor: IC35L060AVVA07-0 VA3OA52A Size: 58644MB BusType: 3
16:56:01.863 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7
16:56:01.863 Disk 1 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
16:56:01.879 Disk 0 MBR read successfully
16:56:01.879 Disk 0 MBR scan
16:56:02.362 Disk 0 Windows 7 default MBR code
16:56:02.362 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 58635 MB offset 63
16:56:03.220 Disk 0 scanning C:\Windows\system32\drivers
16:56:18.415 Service scanning
16:57:00.660 Modules scanning
16:57:00.660 Disk 0 trace - called modules:
16:57:00.675 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:57:01.175 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048ce060]
16:57:01.175 3 CLASSPNP.SYS[fffff8800188d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043f7060]
16:57:01.331 AVAST engine scan C:\Windows
16:57:03.624 AVAST engine scan C:\Windows\system32
16:59:14.243 AVAST engine scan C:\Windows\system32\drivers
16:59:22.402 AVAST engine scan C:\Users\petow
17:02:28.588 AVAST engine scan C:\ProgramData
17:03:23.609 Scan finished successfully
17:59:59.644 Disk 0 MBR has been saved successfully to "C:\Users\petow\Desktop\MBR.dat"
17:59:59.644 The log file has been saved successfully to "C:\Users\petow\Desktop\aswMBR.txt

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 06 May 2012 - 09:43 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\petow\AppData\Local\Ilivid Player
c:\program files (x86)\Searchqu Toolbar
c:\progra~2\SEARCH~1

DDS::
uStart Page = hxxp://www.searchnu.com/406

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 08 May 2012 - 11:48 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 petow

petow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 11 May 2012 - 05:57 AM

Just been real busy lately. The searchnu problem seems to be fixed. Heres the log report and thanks again.

ComboFix 12-05-11.02 - petow 05/11/2012 6:48.2.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.3043 [GMT -4:00]
Running from: c:\users\petow\Desktop\ComboFix.exe
Command switches used :: c:\users\petow\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SEARCH~1
c:\progra~2\SEARCH~1\Datamngr\BrowserConnection.dll
c:\progra~2\SEARCH~1\Datamngr\datamngr.dll
c:\progra~2\SEARCH~1\Datamngr\datamngrUI.exe
c:\progra~2\SEARCH~1\Datamngr\DnsBHO.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\chrome.manifest
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\DataMngr.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\overlay.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\overlay.xul
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\SessionRestore.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\SettingManager.js
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\Settings.xml
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\install.rdf
c:\progra~2\SEARCH~1\Datamngr\FirefoxExtension\install.rdf.alt
c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\as_guid.dat
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\external.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\preferences.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\template.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\vmncode.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ca.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ebay.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\email.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\email_on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\facebook.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\games.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\grey.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\images.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\imesh.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\mail.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\music.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\news.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\orange.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search-over.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\settings.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\shopping.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\technorati.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\translate.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\video.bmp
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.css
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\weather.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\web.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\youtube.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\zoom.png
c:\progra~2\SEARCH~1\Datamngr\ToolBar\components\windowmediator.js
c:\progra~2\SEARCH~1\Datamngr\ToolBar\dtUser.exe
c:\progra~2\SEARCH~1\Datamngr\ToolBar\manifest.xml
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchquband.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
c:\progra~2\SEARCH~1\Datamngr\ToolBar\uninstall.exe
c:\progra~2\SEARCH~1\Datamngr\x64\BrowserConnection.dll
c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll
c:\progra~2\SEARCH~1\Datamngr\x64\datamngrUI.exe
c:\progra~2\SEARCH~1\Datamngr\x64\DnsBHO.dll
c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
c:\progra~2\SEARCH~1\sysid.ini
c:\progra~2\SEARCH~1\uninstall.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SessionRestore.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll
c:\program files (x86)\Searchqu Toolbar\sysid.ini
c:\program files (x86)\Searchqu Toolbar\uninstall.exe
c:\users\petow\AppData\Local\Ilivid Player
c:\users\petow\AppData\Local\Ilivid Player\script.qscript
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-03 06:58 . 2012-05-06 09:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AAD36E9-6D69-41E5-BD24-FD921DE86E0B}\offreg.dll
2012-05-01 08:37 . 2012-04-18 07:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0AAD36E9-6D69-41E5-BD24-FD921DE86E0B}\mpengine.dll
2012-04-28 03:36 . 2012-04-28 03:36 -------- d-----w- c:\programdata\boost_interprocess
2012-04-12 07:04 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-12 07:04 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 07:04 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-12 07:04 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 07:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-08-24 16:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 14:18 . 2010-03-04 01:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 08:03 . 2012-02-23 08:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-23 08:03 . 2012-02-23 08:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 08:03 . 2012-02-23 08:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 08:03 . 2012-02-23 08:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-23 08:03 . 2012-02-23 08:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-23 08:03 . 2012-02-23 08:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-23 08:03 . 2012-02-23 08:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-23 08:03 . 2012-02-23 08:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-23 08:03 . 2012-02-23 08:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-23 08:03 . 2012-02-23 08:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-23 08:03 . 2012-02-23 08:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-23 08:03 . 2012-02-23 08:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-23 08:03 . 2012-02-23 08:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-23 08:03 . 2012-02-23 08:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-23 08:03 . 2012-02-23 08:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-23 08:03 . 2012-02-23 08:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 08:03 . 2012-02-23 08:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 08:03 . 2012-02-23 08:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 08:03 . 2012-02-23 08:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 08:03 . 2012-02-23 08:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 08:03 . 2012-02-23 08:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 08:03 . 2012-02-23 08:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 08:03 . 2012-02-23 08:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 08:03 . 2012-02-23 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 08:03 . 2012-02-23 08:03 448512 ----a-w- c:\windows\system32\html.iec
2012-02-23 08:03 . 2012-02-23 08:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 08:03 . 2012-02-23 08:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 08:03 . 2012-02-23 08:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 08:03 . 2012-02-23 08:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 08:03 . 2012-02-23 08:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-23 08:03 . 2012-02-23 08:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 08:03 . 2012-02-23 08:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 08:03 . 2012-02-23 08:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:03 . 2012-02-23 08:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 08:01 . 2012-02-23 08:01 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-02-23 08:01 . 2012-02-23 08:01 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-23 08:01 . 2012-02-23 08:01 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-23 08:01 . 2012-02-23 08:01 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-23 08:01 . 2012-02-23 08:01 4068864 ----a-w- c:\windows\system32\mf.dll
2012-02-23 08:01 . 2012-02-23 08:01 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-02-23 08:01 . 2012-02-23 08:01 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-23 08:01 . 2012-02-23 08:01 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-02-23 08:01 . 2012-02-23 08:01 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-02-23 08:01 . 2012-02-23 08:01 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-02-23 08:01 . 2012-02-23 08:01 206848 ----a-w- c:\windows\system32\mfps.dll
2012-02-23 08:01 . 2012-02-23 08:01 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-02-23 08:01 . 2012-02-23 08:01 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-02-23 08:01 . 2012-02-23 08:01 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-02-23 08:01 . 2012-02-23 08:01 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-02-23 08:01 . 2012-02-23 08:01 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-02-23 08:01 . 2012-02-23 08:01 144384 ----a-w- c:\windows\system32\cdd.dll
2012-02-23 08:01 . 2012-02-23 08:01 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-02-23 08:01 . 2012-02-23 08:01 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-02-15 06:27 . 2012-03-14 11:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 11:34 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 11:34 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 11:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-05-25 03:06 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-12-06 03:06 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2011-05-25 02:49 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2010-02-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-02-03 03:23 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2012-02-15 02:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-26 64112]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-23 127352]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 136176]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97873412
*NewlyCreated* - ASWMBR
*Deregistered* - 97873412
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 19:54]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 19:54]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\petow\AppData\Roaming\Mozilla\Firefox\Profiles\d9h94kc4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\Datamngr\DATAMN~1.EXE
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Searchqu Toolbar - c:\program files (x86)\Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-11 06:53:44
ComboFix-quarantined-files.txt 2012-05-11 10:53
ComboFix2.txt 2012-05-06 14:41
.
Pre-Run: 12,024,115,200 bytes free
Post-Run: 11,967,483,904 bytes free
.
- - End Of File - - 8F645658A7F45B21FF40D2F6CA28E270

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 11 May 2012 - 07:32 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Adobe Reader 9.4.0
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 petow

petow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 12 May 2012 - 10:22 AM

Here are the logs from malwarebytes and hijackthis. Everything went fine and the computer seems to be working fine.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
petow :: PETOW-PC [administrator]

5/12/2012 11:12:31 AM
mbam-log-2012-05-12 (11-12-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243032
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:37 AM, on 5/12/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9568 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 12 May 2012 - 08:51 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 15 May 2012 - 05:03 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 17 May 2012 - 11:56 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 20 May 2012 - 11:28 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users