Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engine Redirect. MBAM & MSE Find Nothing


  • This topic is locked This topic is locked
18 replies to this topic

#1 PlutoISaPlanet

PlutoISaPlanet

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 30 July 2012 - 03:59 PM

Hi, I can't seem to shake this thing. I removed some things initially with MBAM to no avail so I went to combofix, as this isn't my first rodeo, before coming here. Any help would be appreciated.

DDS Log:
Attached File  attach.txt   18.8KB   2 downloads

GMER:
Attached File  GMER Log.txt   198.45KB   4 downloads

ComboFix:
Attached File  ComboFix.txt   22.77KB   7 downloads

BC AdBot (Login to Remove)

 


#2 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 30 July 2012 - 07:11 PM

DDS Log Pasted for your viewing pleasure:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/28/2011 1:19:58 PM
System Uptime: 7/29/2012 3:27:18 PM (0 hours ago)
.
Motherboard: LENOVO | | 2714CTO
Processor: Intel Pentium III Xeon processor | None | 789/266mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
7-zip v9.20
Access Help
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Service Activation
AutoCAD LT 2011 - English
AutoCAD LT 2011 Language Pack - English
Autodesk Material Library 2011
Bonjour
Camera Center
Classic Menu for Office
Client Security - Password Manager
Conexant HD Audio
DAEMON Tools Lite
Defraggler
Dell Color Printer 725
Drag-to-Disc
Dropbox
GOM Player
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Migration For Microsoft® Exchange 2.2.756.1127
Google Apps Sync™ for Microsoft Outlook® 3.1.94.203
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.2.0.952
Help Center
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970685)
HP LaserJet M5035 MFP PCL 5,HP LaserJet M5025 MFP PCL 5 [HP LaserJet M5035 MFP PCL 5]
Hulu Desktop
iLivid
Integrated Camera
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Trusted Platform Module
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java™ 6 Update 31
K-Lite Codec Pack 7.5.0 (Full)
Lenovo Fingerprint Software
Lenovo System Interface Driver
Lenovo System Toolbox
Malwarebytes Anti-Malware version 1.62.0.1300
Mathcad 14.0 M020
Mathcad 14.0 M020 Help
Mathcad 14.0 M020 Resource Center
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mobile Broadband Connect
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Océ WPD
ODF Add-in for Microsoft Office
On Screen Display
POP and IMAP Troubleshooter
Presentation Director
Productivity Center Supplement for ThinkPad
QuickBooks
QuickBooks Premier: Professional Services Edition 2011
QuickTime
Recuva
Rescue and Recovery
Revo Uninstaller 1.92
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
RICOH R5U230 Media Driver ver.2.02.02.01
RISA-3D 8.1 Network
Safari
Searchqu Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype™ 5.10
Sonic Icons for Lenovo
System Update
TeraCopy 2.2
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem Adapter
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Mobile Broadband Self Activation
Video Download Converter version 1.0.0.0
VLC media player 1.1.11
VNC Free Edition 4.1.3
Wallpapers
WebFldrs XP
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
XP Themes
.
==== Event Viewer Messages From Past Week ========
.
7/29/2012 3:38:16 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072efd Error description: A connection with the server could not be established
7/29/2012 2:29:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.901.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80072efd Error description: A connection with the server could not be established
7/29/2012 2:15:09 PM, error: Dhcp [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 00234EE1AA8E has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
7/24/2012 8:32:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
7/24/2012 8:32:06 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/24/2012 7:26:07 PM, error: Service Control Manager [7023] - The Task Scheduler service terminated with the following error: The process cannot access the file because it is being used by another process.
7/23/2012 9:15:15 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
7/23/2012 9:15:00 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
7/23/2012 9:14:49 PM, error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
7/23/2012 8:51:58 AM, error: Dhcp [1002] - The IP address lease 192.168.2.5 for the Network Card with network address 00234EE1AA8E has been denied by the DHCP server 192.168.10.10 (The DHCP Server sent a DHCPNACK message).
7/23/2012 7:54:20 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer RST_SILVANA_NB that believes that it is the master browser for the domain on transport NetBT_Tcpip_{90556276-0751. The master browser is stopping or an election is being forced.
7/23/2012 7:44:34 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/23/2012 7:26:15 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
7/23/2012 7:26:02 AM, error: Service Control Manager [7023] - The Lenovo Microphone Mute service terminated with the following error: The system cannot find the file specified.
7/23/2012 7:25:00 AM, error: NETLOGON [5719] - No Domain Controller is available for domain DOMAIN due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
7/23/2012 7:01:27 PM, error: Dhcp [1002] - The IP address lease 192.168.10.109 for the Network Card with network address 00234EE1AA8E has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
7/22/2012 6:46:42 PM, error: NetBT [4321] - The name "DOMAIN :1d" could not be registered on the Interface with IP address 192.168.2.5. The machine with the IP address 192.168.2.7 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================

#3 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 01 August 2012 - 11:53 AM

I can't paste the GMER log because it says it's too long. Is it OK that it's just attached?

#4 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 01 August 2012 - 02:28 PM

I'm not sure the GMER scan completed the first time. Here it is again: Attached File  GMER.log   242.21KB   1 downloads

#5 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:23 AM

Posted 04 August 2012 - 04:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463138 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 04 August 2012 - 05:55 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 04 August 2012 - 06:50 PM

16:35:09.0892 4764 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:35:10.0282 4764 ============================================================
16:35:10.0282 4764 Current date / time: 2012/08/04 16:35:10.0282
16:35:10.0298 4764 SystemInfo:
16:35:10.0298 4764
16:35:10.0298 4764 OS Version: 5.1.2600 ServicePack: 3.0
16:35:10.0298 4764 Product type: Workstation
16:35:10.0829 4764 ComputerName: USER_R500
16:35:10.0829 4764 UserName: USER
16:35:10.0845 4764 Windows directory: C:\WINDOWS
16:35:10.0845 4764 System windows directory: C:\WINDOWS
16:35:10.0845 4764 Processor architecture: Intel x86
16:35:10.0845 4764 Number of processors: 2
16:35:10.0845 4764 Page size: 0x1000
16:35:10.0845 4764 Boot type: Normal boot
16:35:10.0845 4764 ============================================================
16:37:18.0491 4764 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:37:18.0522 4764 ============================================================
16:37:18.0522 4764 \Device\Harddisk0\DR0:
16:37:18.0537 4764 MBR partitions:
16:37:18.0537 4764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39767BD1
16:37:18.0537 4764 ============================================================
16:37:18.0631 4764 C: <-> \Device\Harddisk0\DR0\Partition0
16:37:18.0631 4764 ============================================================
16:37:18.0631 4764 Initialize success
16:37:18.0631 4764 ============================================================
16:41:38.0715 4456 ============================================================
16:41:38.0715 4456 Scan started
16:41:38.0715 4456 Mode: Manual;
16:41:38.0715 4456 ============================================================
16:41:45.0465 4456 Abiosdsk - ok
16:41:45.0512 4456 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:41:45.0528 4456 abp480n5 - ok
16:41:45.0559 4456 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:41:45.0559 4456 ACPI - ok
16:41:45.0575 4456 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:41:45.0575 4456 ACPIEC - ok
16:41:45.0731 4456 AcPrfMgrSvc (5bae4419ce3b9b0f6edd29ecb5e43864) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
16:41:45.0731 4456 AcPrfMgrSvc - ok
16:41:45.0825 4456 acs (5e0e99095dcb32d2b62e3d7e95f03042) C:\WINDOWS\system32\acs.exe
16:41:45.0840 4456 acs - ok
16:41:46.0059 4456 AcSvc (efb98baeb7f3aaa1e1f5af304290cbde) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
16:41:46.0059 4456 AcSvc - ok
16:42:18.0903 4456 ADMonitor (fb0be3b9ebc6219270e7e507582cf0ff) C:\WINDOWS\system32\ADMonitor.exe
16:42:19.0794 4456 ADMonitor - ok
16:42:20.0357 4456 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:42:20.0357 4456 adpu160m - ok
16:42:20.0513 4456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:42:20.0528 4456 aec - ok
16:42:20.0591 4456 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:42:20.0591 4456 AFD - ok
16:42:20.0638 4456 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:42:20.0638 4456 agp440 - ok
16:42:20.0653 4456 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:42:20.0653 4456 agpCPQ - ok
16:42:20.0653 4456 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:42:20.0653 4456 Aha154x - ok
16:42:20.0669 4456 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:42:20.0669 4456 aic78u2 - ok
16:42:20.0669 4456 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:42:20.0685 4456 aic78xx - ok
16:42:20.0700 4456 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:42:20.0700 4456 Alerter - ok
16:42:20.0747 4456 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:42:20.0747 4456 ALG - ok
16:42:20.0778 4456 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:42:20.0778 4456 AliIde - ok
16:42:20.0810 4456 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:42:20.0810 4456 alim1541 - ok
16:42:20.0825 4456 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:42:20.0825 4456 amdagp - ok
16:42:20.0857 4456 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:42:20.0857 4456 amsint - ok
16:42:20.0903 4456 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
16:42:20.0935 4456 ANC - ok
16:42:20.0997 4456 ApfiltrService (14660206dc539db62f37b4a75a984578) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:42:20.0997 4456 ApfiltrService - ok
16:42:21.0107 4456 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:42:21.0107 4456 Apple Mobile Device - ok
16:42:21.0153 4456 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:42:21.0153 4456 AppMgmt - ok
16:42:21.0372 4456 AR5416 (7d53e5646ba23fd51296f7ef8979a000) C:\WINDOWS\system32\DRIVERS\athw.sys
16:42:21.0403 4456 AR5416 - ok
16:42:21.0638 4456 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:42:21.0638 4456 Arp1394 - ok
16:42:21.0700 4456 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:42:21.0700 4456 asc - ok
16:42:21.0732 4456 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:42:21.0732 4456 asc3350p - ok
16:42:21.0732 4456 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:42:21.0732 4456 asc3550 - ok
16:42:21.0872 4456 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:42:21.0919 4456 aspnet_state - ok
16:42:21.0935 4456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:42:21.0935 4456 AsyncMac - ok
16:42:22.0013 4456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:42:22.0013 4456 atapi - ok
16:42:22.0013 4456 Atdisk - ok
16:42:22.0028 4456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:42:22.0028 4456 Atmarpc - ok
16:42:22.0403 4456 ATService (6a0f37bc6e960e4baa47048d6d877d3c) C:\WINDOWS\system32\AtService.exe
16:42:22.0778 4456 ATService - ok
16:42:23.0185 4456 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
16:42:23.0185 4456 ATSwpWDF - ok
16:42:23.0247 4456 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:42:23.0247 4456 AudioSrv - ok
16:42:23.0310 4456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:42:23.0310 4456 audstub - ok
16:42:23.0388 4456 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:42:23.0388 4456 b57w2k - ok
16:42:23.0419 4456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:42:23.0419 4456 Beep - ok
16:42:23.0497 4456 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:42:23.0513 4456 BITS - ok
16:42:23.0638 4456 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:42:23.0653 4456 Bonjour Service - ok
16:42:23.0716 4456 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:42:23.0716 4456 Browser - ok
16:42:23.0716 4456 catchme - ok
16:42:23.0747 4456 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:42:23.0763 4456 cbidf - ok
16:42:23.0763 4456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:42:23.0763 4456 cbidf2k - ok
16:42:23.0778 4456 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:42:23.0794 4456 CCDECODE - ok
16:42:23.0810 4456 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:42:23.0810 4456 cd20xrnt - ok
16:42:23.0841 4456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:42:23.0857 4456 Cdaudio - ok
16:42:23.0872 4456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:42:23.0872 4456 Cdfs - ok
16:42:23.0888 4456 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:42:23.0903 4456 Cdrom - ok
16:42:23.0903 4456 Changer - ok
16:42:23.0966 4456 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:42:23.0966 4456 CiSvc - ok
16:42:23.0982 4456 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:42:23.0982 4456 ClipSrv - ok
16:42:24.0247 4456 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:42:24.0278 4456 clr_optimization_v2.0.50727_32 - ok
16:42:24.0341 4456 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:42:24.0341 4456 CmBatt - ok
16:42:24.0403 4456 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:42:24.0403 4456 CmdIde - ok
16:42:24.0560 4456 CnxtHdAudService (d93f3d5a627306b869e83ed035626992) C:\WINDOWS\system32\drivers\CHDAU32.sys
16:42:24.0575 4456 CnxtHdAudService - ok
16:42:24.0607 4456 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:42:24.0607 4456 Compbatt - ok
16:42:24.0622 4456 COMSysApp - ok
16:42:24.0700 4456 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:42:24.0700 4456 Cpqarray - ok
16:42:24.0778 4456 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:42:24.0778 4456 CryptSvc - ok
16:42:24.0825 4456 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:42:24.0825 4456 dac2w2k - ok
16:42:24.0841 4456 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:42:24.0841 4456 dac960nt - ok
16:42:24.0919 4456 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:42:24.0935 4456 DcomLaunch - ok
16:42:24.0982 4456 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:42:24.0982 4456 Dhcp - ok
16:42:25.0044 4456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:42:25.0044 4456 Disk - ok
16:42:25.0107 4456 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
16:42:25.0107 4456 DLABMFSM - ok
16:42:25.0107 4456 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:42:25.0107 4456 DLABOIOM - ok
16:42:25.0122 4456 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:42:25.0122 4456 DLACDBHM - ok
16:42:25.0138 4456 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
16:42:25.0138 4456 DLADResM - ok
16:42:25.0153 4456 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:42:25.0153 4456 DLAIFS_M - ok
16:42:25.0153 4456 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:42:25.0153 4456 DLAOPIOM - ok
16:42:25.0169 4456 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:42:25.0169 4456 DLAPoolM - ok
16:42:25.0185 4456 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:42:25.0185 4456 DLARTL_M - ok
16:42:25.0216 4456 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:42:25.0216 4456 DLAUDFAM - ok
16:42:25.0232 4456 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:42:25.0232 4456 DLAUDF_M - ok
16:42:25.0232 4456 dlcf_device - ok
16:42:25.0232 4456 dmadmin - ok
16:42:25.0341 4456 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:42:25.0357 4456 dmboot - ok
16:42:25.0388 4456 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:42:25.0388 4456 dmio - ok
16:42:25.0403 4456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:42:25.0403 4456 dmload - ok
16:42:25.0419 4456 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:42:25.0435 4456 dmserver - ok
16:42:25.0482 4456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:42:25.0482 4456 DMusic - ok
16:42:25.0544 4456 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:42:25.0544 4456 Dnscache - ok
16:42:25.0591 4456 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:42:25.0591 4456 Dot3svc - ok
16:42:25.0622 4456 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:42:25.0622 4456 dpti2o - ok
16:42:25.0653 4456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:42:25.0653 4456 drmkaud - ok
16:42:25.0716 4456 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:42:25.0716 4456 DRVMCDB - ok
16:42:25.0732 4456 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:42:25.0732 4456 DRVNDDM - ok
16:42:25.0794 4456 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:42:25.0794 4456 dtsoftbus01 - ok
16:42:25.0872 4456 dtsvc (13f36b3cb0f73ad0a0b89a6afec97954) C:\WINDOWS\system32\DTS.exe
16:42:25.0982 4456 dtsvc - ok
16:42:26.0028 4456 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:42:26.0028 4456 EapHost - ok
16:42:26.0060 4456 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:42:26.0060 4456 ERSvc - ok
16:42:26.0107 4456 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
16:42:26.0107 4456 Eventlog - ok
16:42:26.0185 4456 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:42:26.0185 4456 EventSystem - ok
16:42:26.0247 4456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:42:26.0263 4456 Fastfat - ok
16:42:26.0341 4456 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:42:26.0341 4456 FastUserSwitchingCompatibility - ok
16:42:26.0372 4456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:42:26.0372 4456 Fdc - ok
16:42:26.0450 4456 FingerprintServer (d28b93001f499f102fffc6e73b4434a3) C:\WINDOWS\system32\FpLogonServ.exe
16:42:26.0591 4456 FingerprintServer - ok
16:42:26.0607 4456 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:42:26.0607 4456 Fips - ok
16:42:26.0778 4456 FLEXnet Licensing Service (d60ef46dc0e757fe5eb579db95b88954) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:42:26.0794 4456 FLEXnet Licensing Service - ok
16:42:26.0810 4456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:42:26.0810 4456 Flpydisk - ok
16:42:26.0841 4456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:42:26.0841 4456 FltMgr - ok
16:42:26.0966 4456 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:42:26.0966 4456 FontCache3.0.0.0 - ok
16:42:26.0997 4456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:42:26.0997 4456 Fs_Rec - ok
16:42:27.0060 4456 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:42:27.0060 4456 Ftdisk - ok
16:42:27.0122 4456 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:42:27.0122 4456 GEARAspiWDM - ok
16:42:27.0153 4456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:42:27.0153 4456 Gpc - ok
16:42:27.0294 4456 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:42:27.0294 4456 gupdate - ok
16:42:27.0310 4456 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:42:27.0310 4456 gupdatem - ok
16:42:27.0419 4456 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:42:27.0419 4456 HDAudBus - ok
16:42:27.0450 4456 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
16:42:27.0450 4456 HECI - ok
16:42:27.0544 4456 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:42:27.0544 4456 helpsvc - ok
16:42:27.0575 4456 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:42:27.0575 4456 HidServ - ok
16:42:27.0591 4456 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:42:27.0607 4456 HidUsb - ok
16:42:27.0638 4456 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:42:27.0653 4456 hkmsvc - ok
16:42:27.0669 4456 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:42:27.0669 4456 hpn - ok
16:42:27.0700 4456 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:42:27.0700 4456 HPZid412 - ok
16:42:27.0716 4456 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:42:27.0716 4456 HPZipr12 - ok
16:42:27.0732 4456 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:42:27.0732 4456 HPZius12 - ok
16:42:27.0794 4456 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:42:27.0794 4456 HSFHWAZL - ok
16:42:27.0872 4456 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:42:27.0903 4456 HSF_DPV - ok
16:42:27.0966 4456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:42:27.0982 4456 HTTP - ok
16:42:28.0029 4456 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:42:28.0029 4456 HTTPFilter - ok
16:42:28.0091 4456 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:42:28.0091 4456 i2omgmt - ok
16:42:28.0107 4456 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:42:28.0107 4456 i2omp - ok
16:42:28.0216 4456 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:42:28.0279 4456 i8042prt - ok
16:42:29.0185 4456 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:42:29.0372 4456 ialm - ok
16:42:29.0669 4456 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:42:29.0669 4456 iaStor - ok
16:42:29.0700 4456 IBMPMDRV (7285cd0c2b686e0590f941b48414a9f4) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
16:42:29.0700 4456 IBMPMDRV - ok
16:42:29.0732 4456 IBMPMSVC (822675eb6dd6f078316aa6ebc545518c) C:\WINDOWS\system32\ibmpmsvc.exe
16:42:29.0732 4456 IBMPMSVC - ok
16:42:29.0763 4456 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
16:42:29.0810 4456 IBMTPCHK - ok
16:42:30.0013 4456 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:42:30.0044 4456 idsvc - ok
16:42:30.0075 4456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:42:30.0075 4456 Imapi - ok
16:42:30.0138 4456 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:42:30.0154 4456 ImapiService - ok
16:42:30.0185 4456 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:42:30.0185 4456 ini910u - ok
16:42:30.0200 4456 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:42:30.0200 4456 IntelIde - ok
16:42:30.0247 4456 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:42:30.0247 4456 intelppm - ok
16:42:30.0279 4456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:42:30.0279 4456 Ip6Fw - ok
16:42:30.0279 4456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:42:30.0279 4456 IpFilterDriver - ok
16:42:30.0294 4456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:42:30.0294 4456 IpInIp - ok
16:42:30.0341 4456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:42:30.0357 4456 IpNat - ok
16:42:30.0544 4456 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:42:30.0575 4456 iPod Service - ok
16:42:30.0622 4456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:42:30.0622 4456 IPSec - ok
16:42:30.0654 4456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:42:30.0669 4456 IRENUM - ok
16:42:30.0700 4456 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:42:30.0700 4456 isapnp - ok
16:42:30.0810 4456 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:42:30.0825 4456 IviRegMgr - ok
16:42:30.0857 4456 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
16:42:30.0857 4456 JavaQuickStarterService - ok
16:42:30.0904 4456 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:42:30.0904 4456 Kbdclass - ok
16:42:30.0966 4456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:42:30.0982 4456 kmixer - ok
16:42:31.0029 4456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:42:31.0044 4456 KSecDD - ok
16:42:31.0107 4456 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:42:31.0107 4456 LanmanServer - ok
16:42:31.0169 4456 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:42:31.0169 4456 lanmanworkstation - ok
16:42:31.0169 4456 lbrtfdc - ok
16:42:31.0279 4456 LENOVO.MICMUTE (02d0de905a7d32e38496853a94bbdd5c) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
16:42:31.0279 4456 LENOVO.MICMUTE - ok
16:42:31.0341 4456 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
16:42:31.0341 4456 lenovo.smi - ok
16:42:31.0419 4456 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:42:31.0419 4456 LmHosts - ok
16:42:31.0497 4456 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
16:42:31.0497 4456 MBAMSwissArmy - ok
16:42:31.0529 4456 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:42:31.0529 4456 mdmxsdk - ok
16:42:31.0575 4456 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:42:31.0575 4456 Messenger - ok
16:42:31.0622 4456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:42:31.0622 4456 mnmdd - ok
16:42:31.0669 4456 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:42:31.0669 4456 mnmsrvc - ok
16:42:31.0669 4456 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:42:31.0669 4456 Modem - ok
16:42:31.0716 4456 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:42:31.0716 4456 Mouclass - ok
16:42:31.0763 4456 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:42:31.0763 4456 mouhid - ok
16:42:31.0779 4456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:42:31.0794 4456 MountMgr - ok
16:42:31.0825 4456 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:42:31.0825 4456 MpFilter - ok
16:42:31.0935 4456 MpKsl42d174ff (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\MpKsl42d174ff.sys
16:42:31.0935 4456 MpKsl42d174ff - ok
16:42:31.0966 4456 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:42:31.0966 4456 mraid35x - ok
16:42:32.0013 4456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:42:32.0013 4456 MRxDAV - ok
16:42:32.0075 4456 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:42:32.0091 4456 MRxSmb - ok
16:42:32.0122 4456 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:42:32.0122 4456 MSDTC - ok
16:42:32.0154 4456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:42:32.0154 4456 Msfs - ok
16:42:32.0169 4456 MSIServer - ok
16:42:32.0200 4456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:42:32.0200 4456 MSKSSRV - ok
16:42:32.0341 4456 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:42:32.0341 4456 MsMpSvc - ok
16:42:32.0372 4456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:42:32.0372 4456 MSPCLOCK - ok
16:42:32.0372 4456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:42:32.0372 4456 MSPQM - ok
16:42:32.0404 4456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:42:32.0404 4456 mssmbios - ok
16:42:32.0435 4456 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:42:32.0450 4456 MSTEE - ok
16:42:32.0482 4456 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:42:32.0497 4456 Mup - ok
16:42:32.0544 4456 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:42:32.0544 4456 NABTSFEC - ok
16:42:32.0607 4456 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:42:32.0607 4456 napagent - ok
16:42:32.0654 4456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:42:32.0669 4456 NDIS - ok
16:42:32.0700 4456 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:42:32.0700 4456 NdisIP - ok
16:42:32.0732 4456 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:42:32.0732 4456 NdisTapi - ok
16:42:32.0794 4456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:42:32.0794 4456 Ndisuio - ok
16:42:32.0810 4456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:42:32.0810 4456 NdisWan - ok
16:42:32.0857 4456 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:42:32.0857 4456 NDProxy - ok
16:42:32.0919 4456 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
16:42:32.0919 4456 Net Driver HPZ12 - ok
16:42:32.0935 4456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:42:32.0935 4456 NetBIOS - ok
16:42:32.0982 4456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:42:32.0997 4456 NetBT - ok
16:42:33.0029 4456 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:42:33.0044 4456 NetDDE - ok
16:42:33.0044 4456 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:42:33.0044 4456 NetDDEdsdm - ok
16:42:33.0091 4456 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:42:33.0091 4456 Netlogon - ok
16:42:33.0122 4456 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:42:33.0122 4456 Netman - ok
16:42:33.0279 4456 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:42:33.0294 4456 NetTcpPortSharing - ok
16:42:33.0341 4456 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:42:33.0341 4456 NIC1394 - ok
16:42:33.0482 4456 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:42:33.0482 4456 Nla - ok
16:42:33.0575 4456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:42:33.0575 4456 Npfs - ok
16:42:33.0716 4456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:42:33.0732 4456 Ntfs - ok
16:42:33.0732 4456 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:42:33.0747 4456 NtLmSsp - ok
16:42:33.0825 4456 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:42:33.0841 4456 NtmsSvc - ok
16:42:33.0857 4456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:42:33.0872 4456 Null - ok
16:42:33.0888 4456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:42:33.0904 4456 NwlnkFlt - ok
16:42:33.0904 4456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:42:33.0904 4456 NwlnkFwd - ok
16:42:34.0060 4456 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:42:34.0075 4456 odserv - ok
16:42:34.0122 4456 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:42:34.0122 4456 ohci1394 - ok
16:42:34.0169 4456 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:42:34.0169 4456 ose - ok
16:42:34.0200 4456 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:42:34.0216 4456 Parport - ok
16:42:34.0247 4456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:42:34.0247 4456 PartMgr - ok
16:42:34.0263 4456 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:42:34.0279 4456 ParVdm - ok
16:42:34.0388 4456 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:42:34.0388 4456 PCI - ok
16:42:34.0404 4456 PCIDump - ok
16:42:34.0435 4456 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:42:34.0435 4456 PCIIde - ok
16:42:34.0450 4456 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:42:34.0450 4456 Pcmcia - ok
16:42:34.0450 4456 PDCOMP - ok
16:42:34.0466 4456 PDFRAME - ok
16:42:34.0466 4456 PDRELI - ok
16:42:34.0482 4456 PDRFRAME - ok
16:42:34.0482 4456 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:42:34.0497 4456 perc2 - ok
16:42:34.0497 4456 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:42:34.0497 4456 perc2hib - ok
16:42:34.0607 4456 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
16:42:34.0607 4456 PlugPlay - ok
16:42:34.0669 4456 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
16:42:34.0669 4456 pmem - ok
16:42:34.0794 4456 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
16:42:34.0794 4456 Pml Driver HPZ12 - ok
16:42:34.0857 4456 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:42:34.0857 4456 PolicyAgent - ok
16:42:34.0966 4456 Power Manager DBC Service (f4be7426345fee3ff88834cdea77e9a1) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
16:42:34.0966 4456 Power Manager DBC Service - ok
16:42:35.0013 4456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:42:35.0013 4456 PptpMiniport - ok
16:42:35.0029 4456 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:42:35.0029 4456 ProtectedStorage - ok
16:42:35.0060 4456 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
16:42:35.0060 4456 psadd - ok
16:42:35.0075 4456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:42:35.0075 4456 PSched - ok
16:42:35.0075 4456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:42:35.0075 4456 Ptilink - ok
16:42:35.0107 4456 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:42:35.0122 4456 PxHelp20 - ok
16:42:35.0216 4456 QBCFMonitorService (27e26a7dbc17860630ce5065019c348f) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:42:35.0216 4456 QBCFMonitorService - ok
16:42:35.0279 4456 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:42:35.0279 4456 QBFCService - ok
16:42:35.0497 4456 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
16:42:35.0513 4456 QBVSS - ok
16:42:35.0669 4456 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:42:35.0669 4456 ql1080 - ok
16:42:35.0685 4456 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:42:35.0685 4456 Ql10wnt - ok
16:42:35.0716 4456 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:42:35.0716 4456 ql12160 - ok
16:42:35.0732 4456 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:42:35.0732 4456 ql1240 - ok
16:42:35.0763 4456 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:42:35.0763 4456 ql1280 - ok
16:42:35.0794 4456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:42:35.0794 4456 RasAcd - ok
16:42:35.0841 4456 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:42:35.0841 4456 RasAuto - ok
16:42:35.0888 4456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:42:35.0888 4456 Rasl2tp - ok
16:42:35.0919 4456 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:42:35.0919 4456 RasMan - ok
16:42:35.0935 4456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:42:35.0935 4456 RasPppoe - ok
16:42:35.0950 4456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:42:35.0966 4456 Raspti - ok
16:42:35.0997 4456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:42:36.0013 4456 Rdbss - ok
16:42:36.0013 4456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:42:36.0029 4456 RDPCDD - ok
16:42:36.0060 4456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:42:36.0060 4456 rdpdr - ok
16:42:36.0107 4456 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
16:42:36.0122 4456 RDPWD - ok
16:42:36.0154 4456 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:42:36.0154 4456 RDSessMgr - ok
16:42:36.0185 4456 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:42:36.0185 4456 redbook - ok
16:42:36.0247 4456 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:42:36.0247 4456 RemoteAccess - ok
16:42:36.0294 4456 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:42:36.0310 4456 RemoteRegistry - ok
16:42:36.0388 4456 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
16:42:36.0388 4456 rimmptsk - ok
16:42:36.0435 4456 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
16:42:36.0435 4456 rimsptsk - ok
16:42:36.0466 4456 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
16:42:36.0466 4456 rismxdp - ok
16:42:36.0529 4456 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:42:36.0529 4456 RpcLocator - ok
16:42:36.0622 4456 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:42:36.0638 4456 RpcSs - ok
16:42:36.0700 4456 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:42:36.0716 4456 RSVP - ok
16:42:36.0747 4456 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:42:36.0747 4456 SamSs - ok
16:42:36.0794 4456 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:42:36.0794 4456 SCardSvr - ok
16:42:36.0841 4456 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:42:36.0841 4456 Schedule - ok
16:42:36.0904 4456 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:42:36.0904 4456 sdbus - ok
16:42:36.0935 4456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:42:36.0935 4456 Secdrv - ok
16:42:36.0982 4456 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:42:36.0982 4456 seclogon - ok
16:42:36.0997 4456 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:42:36.0997 4456 SENS - ok
16:42:37.0029 4456 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:42:37.0029 4456 Serial - ok
16:42:37.0060 4456 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
16:42:37.0060 4456 sffdisk - ok
16:42:37.0075 4456 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
16:42:37.0075 4456 sffp_sd - ok
16:42:37.0107 4456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:42:37.0107 4456 Sfloppy - ok
16:42:37.0185 4456 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:42:37.0200 4456 SharedAccess - ok
16:42:37.0263 4456 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:42:37.0263 4456 ShellHWDetection - ok
16:42:37.0341 4456 Shockprf (2108fc5934843e5f346a715e71fa79f9) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
16:42:37.0341 4456 Shockprf - ok
16:42:37.0341 4456 Simbad - ok
16:42:37.0372 4456 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:42:37.0388 4456 sisagp - ok
16:42:37.0529 4456 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
16:42:37.0529 4456 SkypeUpdate - ok
16:42:37.0591 4456 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:42:37.0607 4456 SLIP - ok
16:42:37.0794 4456 SNP2UVC (1ef34706531b188d1ce12127d8233e87) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
16:42:37.0826 4456 SNP2UVC - ok
16:42:37.0997 4456 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:42:37.0997 4456 Sparrow - ok
16:42:38.0044 4456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:42:38.0044 4456 splitter - ok
16:42:38.0091 4456 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:42:38.0091 4456 Spooler - ok
16:42:38.0154 4456 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:42:38.0154 4456 sr - ok
16:42:38.0232 4456 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:42:38.0232 4456 srservice - ok
16:45:37.0888 4456 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:48:22.0919 4456 Srv - ok
16:48:25.0982 4456 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:48:27.0591 4456 SSDPSRV - ok
16:48:30.0998 4456 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:48:31.0013 4456 stisvc - ok
16:48:31.0138 4456 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:48:31.0138 4456 streamip - ok
16:48:32.0138 4456 SUService (c2191c1a5dfed0795e3d3b68905b195b) c:\program files\lenovo\system update\suservice.exe
16:48:32.0138 4456 SUService - ok
16:48:32.0201 4456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:48:32.0216 4456 swenum - ok
16:48:32.0310 4456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:48:32.0310 4456 swmidi - ok
16:48:32.0326 4456 SwPrv - ok
16:48:32.0576 4456 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:48:32.0748 4456 symc810 - ok
16:48:32.0841 4456 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:48:32.0841 4456 symc8xx - ok
16:48:32.0857 4456 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:48:32.0857 4456 sym_hi - ok
16:48:32.0873 4456 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:48:32.0888 4456 sym_u3 - ok
16:48:32.0919 4456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:48:32.0935 4456 sysaudio - ok
16:48:32.0982 4456 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:48:32.0982 4456 SysmonLog - ok
16:48:33.0044 4456 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:48:33.0076 4456 TapiSrv - ok
16:48:33.0232 4456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:48:33.0232 4456 Tcpip - ok
16:48:33.0310 4456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:48:33.0310 4456 TDPIPE - ok
16:48:33.0341 4456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:48:33.0341 4456 TDTCP - ok
16:48:33.0373 4456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:48:33.0373 4456 TermDD - ok
16:48:33.0669 4456 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:48:33.0826 4456 TermService - ok
16:48:35.0419 4456 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:48:35.0435 4456 Themes - ok
16:48:38.0998 4456 ThinkVantage Registry Monitor Service (1c7b8e69bf9557a17a17f2120892acf9) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
16:48:39.0076 4456 ThinkVantage Registry Monitor Service - ok
16:48:39.0154 4456 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:48:39.0154 4456 TlntSvr - ok
16:48:39.0201 4456 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:48:39.0216 4456 TosIde - ok
16:48:39.0294 4456 TPDIGIMN (1282722cf2cc5a88a606b8022d0f8b7e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
16:48:39.0294 4456 TPDIGIMN - ok
16:48:39.0373 4456 TPHDEXLGSVC (5a726e3cc83655ef71912c4775d004f9) C:\WINDOWS\system32\TPHDEXLG.exe
16:48:39.0373 4456 TPHDEXLGSVC - ok
16:48:39.0451 4456 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
16:48:39.0451 4456 TPHKDRV - ok
16:48:39.0701 4456 TPHKSVC (bd87cdc95d68a096268a3efac6c2fe5d) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
16:48:39.0732 4456 TPHKSVC - ok
16:48:40.0029 4456 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
16:48:40.0029 4456 tpm - ok
16:48:40.0107 4456 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
16:48:40.0107 4456 TPPWRIF - ok
16:48:40.0216 4456 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:48:40.0216 4456 TrkWks - ok
16:48:40.0279 4456 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
16:48:40.0310 4456 TSMAPIP - ok
16:48:40.0685 4456 TSSCoreService (ddd4a2c9a37b93c7d8a539f785572565) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
16:48:40.0701 4456 TSSCoreService - ok
16:48:40.0810 4456 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
16:48:40.0826 4456 TVT Backup Protection Service - ok
16:48:41.0091 4456 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
16:48:41.0107 4456 TVT Backup Service - ok
16:48:41.0419 4456 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
16:48:41.0451 4456 TVT Scheduler - ok
16:48:41.0701 4456 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
16:48:41.0701 4456 tvtfilter - ok
16:48:41.0716 4456 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
16:48:41.0716 4456 TVTI2C - ok
16:48:41.0857 4456 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
16:48:41.0873 4456 TVT_UpdateMonitor - ok
16:48:41.0919 4456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:48:41.0919 4456 Udfs - ok
16:48:41.0966 4456 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:48:41.0966 4456 ultra - ok
16:48:42.0013 4456 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
16:48:42.0013 4456 UMWdf - ok
16:48:42.0060 4456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:48:42.0076 4456 Update - ok
16:48:42.0123 4456 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:48:42.0138 4456 upnphost - ok
16:48:42.0138 4456 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:48:42.0154 4456 UPS - ok
16:48:42.0185 4456 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:48:42.0279 4456 USBAAPL - ok
16:48:42.0341 4456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:48:42.0341 4456 usbccgp - ok
16:48:42.0404 4456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:48:42.0404 4456 usbehci - ok
16:48:42.0419 4456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:48:42.0419 4456 usbhub - ok
16:48:42.0482 4456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:48:42.0482 4456 usbprint - ok
16:48:42.0529 4456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:48:42.0529 4456 usbscan - ok
16:48:42.0576 4456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:48:42.0576 4456 USBSTOR - ok
16:48:42.0623 4456 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:48:42.0623 4456 usbuhci - ok
16:48:42.0685 4456 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:48:42.0685 4456 usbvideo - ok
16:48:42.0716 4456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:48:42.0716 4456 VgaSave - ok
16:48:42.0748 4456 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:48:42.0748 4456 viaagp - ok
16:48:42.0763 4456 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:48:42.0763 4456 ViaIde - ok
16:48:42.0810 4456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:48:42.0810 4456 VolSnap - ok
16:48:42.0873 4456 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:48:42.0888 4456 VSS - ok
16:48:42.0935 4456 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:48:42.0935 4456 W32Time - ok
16:48:42.0966 4456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:48:42.0966 4456 Wanarp - ok
16:48:43.0060 4456 Wdf01000 (8b35229d2761bc8ed526cb69e4f6685e) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:48:43.0076 4456 Wdf01000 - ok
16:48:43.0076 4456 WDICA - ok
16:48:43.0154 4456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:48:43.0154 4456 wdmaud - ok
16:48:43.0216 4456 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:48:43.0216 4456 WebClient - ok
16:48:43.0419 4456 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:48:43.0435 4456 winachsf - ok
16:48:43.0591 4456 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:48:43.0591 4456 winmgmt - ok
16:48:44.0310 4456 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe
16:48:44.0341 4456 WMConnectCDS - ok
16:48:44.0591 4456 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
16:48:44.0607 4456 WmdmPmSN - ok
16:48:44.0732 4456 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:48:44.0748 4456 Wmi - ok
16:48:44.0857 4456 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:48:44.0857 4456 WmiAcpi - ok
16:48:44.0935 4456 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:48:44.0935 4456 WmiApSrv - ok
16:48:44.0982 4456 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:48:44.0982 4456 WpdUsb - ok
16:48:45.0044 4456 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:48:45.0044 4456 WS2IFSL - ok
16:48:45.0107 4456 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:48:45.0107 4456 wscsvc - ok
16:48:45.0107 4456 WSearch - ok
16:48:45.0185 4456 WSIMD (21ac4f228f3d36876a42277c76a766c0) C:\WINDOWS\system32\DRIVERS\wsimd.sys
16:48:45.0185 4456 WSIMD - ok
16:48:45.0232 4456 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:48:45.0232 4456 WSTCODEC - ok
16:48:45.0294 4456 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:48:45.0310 4456 wuauserv - ok
16:48:45.0451 4456 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:48:45.0451 4456 WZCSVC - ok
16:48:45.0498 4456 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:48:45.0498 4456 xmlprov - ok
16:48:45.0529 4456 MBR (0x1B8) (6c8a14fa1c7d0cde471c7f474b55d28a) \Device\Harddisk0\DR0
16:48:46.0701 4456 \Device\Harddisk0\DR0 - ok
16:48:46.0732 4456 Boot (0x1200) (23e93a79ba7cdf5216c03c80fc67a6aa) \Device\Harddisk0\DR0\Partition0
16:48:46.0732 4456 \Device\Harddisk0\DR0\Partition0 - ok
16:48:46.0732 4456 ============================================================
16:48:46.0732 4456 Scan finished
16:48:46.0732 4456 ============================================================
16:48:46.0748 5712 Detected object count: 0
16:48:46.0748 5712 Actual detected object count: 0
16:49:50.0919 3888 ============================================================
16:49:50.0919 3888 Scan started
16:49:50.0919 3888 Mode: Manual;
16:49:50.0919 3888 ============================================================
16:49:51.0638 3888 Abiosdsk - ok
16:49:51.0701 3888 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:49:51.0701 3888 abp480n5 - ok
16:49:51.0716 3888 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:49:51.0716 3888 ACPI - ok
16:49:51.0732 3888 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:49:51.0732 3888 ACPIEC - ok
16:49:51.0873 3888 AcPrfMgrSvc (5bae4419ce3b9b0f6edd29ecb5e43864) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
16:49:51.0873 3888 AcPrfMgrSvc - ok
16:49:51.0966 3888 acs (5e0e99095dcb32d2b62e3d7e95f03042) C:\WINDOWS\system32\acs.exe
16:49:51.0966 3888 acs - ok
16:49:52.0029 3888 AcSvc (efb98baeb7f3aaa1e1f5af304290cbde) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
16:49:52.0029 3888 AcSvc - ok
16:49:52.0091 3888 ADMonitor (fb0be3b9ebc6219270e7e507582cf0ff) C:\WINDOWS\system32\ADMonitor.exe
16:49:52.0091 3888 ADMonitor - ok
16:49:52.0123 3888 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:49:52.0123 3888 adpu160m - ok
16:49:52.0185 3888 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:49:52.0185 3888 aec - ok
16:49:52.0294 3888 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:49:52.0294 3888 AFD - ok
16:49:52.0326 3888 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:49:52.0326 3888 agp440 - ok
16:49:52.0341 3888 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:49:52.0341 3888 agpCPQ - ok
16:49:52.0341 3888 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:49:52.0341 3888 Aha154x - ok
16:49:52.0357 3888 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:49:52.0357 3888 aic78u2 - ok
16:49:52.0357 3888 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:49:52.0373 3888 aic78xx - ok
16:49:52.0404 3888 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:49:52.0404 3888 Alerter - ok
16:49:52.0419 3888 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:49:52.0419 3888 ALG - ok
16:49:52.0466 3888 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:49:52.0466 3888 AliIde - ok
16:49:52.0482 3888 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:49:52.0482 3888 alim1541 - ok
16:49:52.0482 3888 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:49:52.0498 3888 amdagp - ok
16:49:52.0513 3888 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:49:52.0513 3888 amsint - ok
16:49:52.0529 3888 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
16:49:52.0544 3888 ANC - ok
16:49:52.0607 3888 ApfiltrService (14660206dc539db62f37b4a75a984578) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:49:52.0607 3888 ApfiltrService - ok
16:49:52.0716 3888 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:49:52.0732 3888 Apple Mobile Device - ok
16:49:52.0763 3888 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:49:52.0779 3888 AppMgmt - ok
16:49:52.0904 3888 AR5416 (7d53e5646ba23fd51296f7ef8979a000) C:\WINDOWS\system32\DRIVERS\athw.sys
16:49:52.0919 3888 AR5416 - ok
16:49:52.0982 3888 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:49:52.0982 3888 Arp1394 - ok
16:49:53.0029 3888 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:49:53.0029 3888 asc - ok
16:49:53.0044 3888 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:49:53.0044 3888 asc3350p - ok
16:49:53.0044 3888 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:49:53.0044 3888 asc3550 - ok
16:49:53.0154 3888 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:49:53.0154 3888 aspnet_state - ok
16:49:53.0185 3888 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:49:53.0185 3888 AsyncMac - ok
16:49:53.0216 3888 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:49:53.0232 3888 atapi - ok
16:49:53.0232 3888 Atdisk - ok
16:49:53.0248 3888 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:49:53.0248 3888 Atmarpc - ok
16:49:53.0451 3888 ATService (6a0f37bc6e960e4baa47048d6d877d3c) C:\WINDOWS\system32\AtService.exe
16:49:53.0482 3888 ATService - ok
16:49:53.0716 3888 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
16:49:53.0716 3888 ATSwpWDF - ok
16:49:53.0763 3888 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:49:53.0763 3888 AudioSrv - ok
16:49:53.0826 3888 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:49:53.0826 3888 audstub - ok
16:49:53.0888 3888 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:49:53.0888 3888 b57w2k - ok
16:49:53.0904 3888 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:49:53.0904 3888 Beep - ok
16:49:53.0982 3888 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:49:53.0998 3888 BITS - ok
16:49:54.0123 3888 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:49:54.0138 3888 Bonjour Service - ok
16:49:54.0185 3888 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:49:54.0185 3888 Browser - ok
16:49:54.0185 3888 catchme - ok
16:49:54.0232 3888 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:49:54.0232 3888 cbidf - ok
16:49:54.0232 3888 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:49:54.0232 3888 cbidf2k - ok
16:49:54.0263 3888 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:49:54.0263 3888 CCDECODE - ok
16:49:54.0279 3888 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:49:54.0279 3888 cd20xrnt - ok
16:49:54.0310 3888 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:49:54.0310 3888 Cdaudio - ok
16:49:54.0326 3888 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:49:54.0326 3888 Cdfs - ok
16:49:54.0341 3888 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:49:54.0341 3888 Cdrom - ok
16:49:54.0357 3888 Changer - ok
16:49:54.0388 3888 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:49:54.0388 3888 CiSvc - ok
16:49:54.0404 3888 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:49:54.0404 3888 ClipSrv - ok
16:49:54.0498 3888 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:49:54.0498 3888 clr_optimization_v2.0.50727_32 - ok
16:49:54.0560 3888 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:49:54.0560 3888 CmBatt - ok
16:49:54.0591 3888 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:49:54.0591 3888 CmdIde - ok
16:49:54.0685 3888 CnxtHdAudService (d93f3d5a627306b869e83ed035626992) C:\WINDOWS\system32\drivers\CHDAU32.sys
16:49:54.0701 3888 CnxtHdAudService - ok
16:49:54.0716 3888 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:49:54.0716 3888 Compbatt - ok
16:49:54.0716 3888 COMSysApp - ok
16:49:54.0763 3888 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:49:54.0763 3888 Cpqarray - ok
16:49:54.0810 3888 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:49:54.0810 3888 CryptSvc - ok
16:49:54.0826 3888 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:49:54.0826 3888 dac2w2k - ok
16:49:54.0841 3888 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:49:54.0841 3888 dac960nt - ok
16:49:54.0904 3888 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:49:54.0919 3888 DcomLaunch - ok
16:49:54.0982 3888 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:49:54.0982 3888 Dhcp - ok
16:49:55.0029 3888 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:49:55.0029 3888 Disk - ok
16:49:55.0091 3888 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
16:49:55.0091 3888 DLABMFSM - ok
16:49:55.0107 3888 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
16:49:55.0107 3888 DLABOIOM - ok
16:49:55.0107 3888 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:49:55.0107 3888 DLACDBHM - ok
16:49:55.0123 3888 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
16:49:55.0123 3888 DLADResM - ok
16:49:55.0138 3888 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
16:49:55.0138 3888 DLAIFS_M - ok
16:49:55.0154 3888 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
16:49:55.0154 3888 DLAOPIOM - ok
16:49:55.0154 3888 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
16:49:55.0154 3888 DLAPoolM - ok
16:49:55.0185 3888 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:49:55.0185 3888 DLARTL_M - ok
16:49:55.0201 3888 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
16:49:55.0201 3888 DLAUDFAM - ok
16:49:55.0216 3888 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
16:49:55.0216 3888 DLAUDF_M - ok
16:49:55.0232 3888 dlcf_device - ok
16:49:55.0232 3888 dmadmin - ok
16:49:55.0341 3888 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:49:55.0357 3888 dmboot - ok
16:49:55.0373 3888 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:49:55.0373 3888 dmio - ok
16:49:55.0388 3888 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:49:55.0388 3888 dmload - ok
16:49:55.0404 3888 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:49:55.0404 3888 dmserver - ok
16:49:55.0466 3888 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:49:55.0466 3888 DMusic - ok
16:49:55.0529 3888 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:49:55.0529 3888 Dnscache - ok
16:49:55.0591 3888 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:49:55.0607 3888 Dot3svc - ok
16:49:55.0638 3888 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:49:55.0638 3888 dpti2o - ok
16:49:55.0669 3888 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:49:55.0669 3888 drmkaud - ok
16:49:55.0732 3888 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:49:55.0732 3888 DRVMCDB - ok
16:49:55.0748 3888 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:49:55.0748 3888 DRVNDDM - ok
16:49:55.0810 3888 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
16:49:55.0810 3888 dtsoftbus01 - ok
16:49:55.0857 3888 dtsvc (13f36b3cb0f73ad0a0b89a6afec97954) C:\WINDOWS\system32\DTS.exe
16:49:55.0857 3888 dtsvc - ok
16:49:55.0904 3888 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:49:55.0904 3888 EapHost - ok
16:49:55.0951 3888 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:49:55.0951 3888 ERSvc - ok
16:49:55.0998 3888 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
16:49:55.0998 3888 Eventlog - ok
16:49:56.0076 3888 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:49:56.0076 3888 EventSystem - ok
16:49:56.0138 3888 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:49:56.0138 3888 Fastfat - ok
16:49:56.0201 3888 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:49:56.0201 3888 FastUserSwitchingCompatibility - ok
16:49:56.0279 3888 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:49:56.0279 3888 Fdc - ok
16:49:56.0341 3888 FingerprintServer (d28b93001f499f102fffc6e73b4434a3) C:\WINDOWS\system32\FpLogonServ.exe
16:49:56.0341 3888 FingerprintServer - ok
16:49:56.0357 3888 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:49:56.0357 3888 Fips - ok
16:49:56.0529 3888 FLEXnet Licensing Service (d60ef46dc0e757fe5eb579db95b88954) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:49:56.0544 3888 FLEXnet Licensing Service - ok
16:49:56.0560 3888 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:49:56.0560 3888 Flpydisk - ok
16:49:56.0591 3888 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:49:56.0591 3888 FltMgr - ok
16:49:56.0716 3888 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:49:56.0716 3888 FontCache3.0.0.0 - ok
16:49:56.0748 3888 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:49:56.0748 3888 Fs_Rec - ok
16:49:56.0810 3888 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:49:56.0810 3888 Ftdisk - ok
16:49:56.0873 3888 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:49:56.0873 3888 GEARAspiWDM - ok
16:49:56.0904 3888 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:49:56.0904 3888 Gpc - ok
16:49:57.0044 3888 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:49:57.0044 3888 gupdate - ok
16:49:57.0044 3888 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:49:57.0044 3888 gupdatem - ok
16:49:57.0107 3888 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:49:57.0107 3888 HDAudBus - ok
16:49:57.0154 3888 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
16:49:57.0154 3888 HECI - ok
16:49:57.0279 3888 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:49:57.0279 3888 helpsvc - ok
16:49:57.0310 3888 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:49:57.0310 3888 HidServ - ok
16:49:57.0326 3888 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:49:57.0326 3888 HidUsb - ok
16:49:57.0373 3888 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:49:57.0373 3888 hkmsvc - ok
16:49:57.0419 3888 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:49:57.0419 3888 hpn - ok
16:49:57.0451 3888 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:49:57.0451 3888 HPZid412 - ok
16:49:57.0466 3888 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:49:57.0466 3888 HPZipr12 - ok
16:49:57.0482 3888 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:49:57.0482 3888 HPZius12 - ok
16:49:57.0544 3888 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:49:57.0544 3888 HSFHWAZL - ok
16:49:57.0638 3888 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:49:57.0638 3888 HSF_DPV - ok
16:49:57.0826 3888 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:49:57.0826 3888 HTTP - ok
16:49:57.0873 3888 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:49:57.0888 3888 HTTPFilter - ok
16:49:57.0935 3888 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:49:57.0935 3888 i2omgmt - ok
16:49:57.0966 3888 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:49:57.0966 3888 i2omp - ok
16:49:58.0013 3888 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:49:58.0013 3888 i8042prt - ok
16:49:58.0576 3888 ialm (f339b2e3a3f63cc14077d614a56a967b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:49:58.0669 3888 ialm - ok
16:49:58.0888 3888 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:49:58.0888 3888 iaStor - ok
16:49:58.0904 3888 IBMPMDRV (7285cd0c2b686e0590f941b48414a9f4) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
16:49:58.0904 3888 IBMPMDRV - ok
16:49:58.0966 3888 IBMPMSVC (822675eb6dd6f078316aa6ebc545518c) C:\WINDOWS\system32\ibmpmsvc.exe
16:49:58.0966 3888 IBMPMSVC - ok
16:49:59.0013 3888 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
16:49:59.0013 3888 IBMTPCHK - ok
16:49:59.0216 3888 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:49:59.0216 3888 idsvc - ok
16:49:59.0263 3888 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:49:59.0263 3888 Imapi - ok
16:49:59.0326 3888 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:49:59.0326 3888 ImapiService - ok
16:49:59.0373 3888 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:49:59.0373 3888 ini910u - ok
16:49:59.0388 3888 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:49:59.0388 3888 IntelIde - ok
16:49:59.0419 3888 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:49:59.0419 3888 intelppm - ok
16:49:59.0451 3888 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:49:59.0451 3888 Ip6Fw - ok
16:49:59.0466 3888 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:49:59.0466 3888 IpFilterDriver - ok
16:49:59.0466 3888 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:49:59.0466 3888 IpInIp - ok
16:49:59.0513 3888 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:49:59.0513 3888 IpNat - ok
16:49:59.0685 3888 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:49:59.0701 3888 iPod Service - ok
16:49:59.0748 3888 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:49:59.0748 3888 IPSec - ok
16:49:59.0794 3888 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:49:59.0794 3888 IRENUM - ok
16:49:59.0826 3888 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:49:59.0826 3888 isapnp - ok
16:49:59.0935 3888 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:49:59.0935 3888 IviRegMgr - ok
16:49:59.0966 3888 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
16:49:59.0982 3888 JavaQuickStarterService - ok
16:50:00.0013 3888 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:50:00.0029 3888 Kbdclass - ok
16:50:00.0091 3888 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:50:00.0091 3888 kmixer - ok
16:50:00.0154 3888 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:50:00.0154 3888 KSecDD - ok
16:50:00.0216 3888 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:50:00.0216 3888 LanmanServer - ok
16:50:00.0310 3888 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:50:00.0310 3888 lanmanworkstation - ok
16:50:00.0310 3888 lbrtfdc - ok
16:50:00.0419 3888 LENOVO.MICMUTE (02d0de905a7d32e38496853a94bbdd5c) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
16:50:00.0419 3888 LENOVO.MICMUTE - ok
16:50:00.0466 3888 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
16:50:00.0482 3888 lenovo.smi - ok
16:50:00.0544 3888 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:50:00.0544 3888 LmHosts - ok
16:50:00.0607 3888 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
16:50:00.0607 3888 MBAMSwissArmy - ok
16:50:00.0638 3888 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:50:00.0654 3888 mdmxsdk - ok
16:50:00.0685 3888 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:50:00.0685 3888 Messenger - ok
16:50:00.0716 3888 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:50:00.0732 3888 mnmdd - ok
16:50:00.0763 3888 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:50:00.0763 3888 mnmsrvc - ok
16:50:00.0779 3888 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:50:00.0779 3888 Modem - ok
16:50:00.0826 3888 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:50:00.0826 3888 Mouclass - ok
16:50:00.0873 3888 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:50:00.0873 3888 mouhid - ok
16:50:00.0888 3888 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:50:00.0888 3888 MountMgr - ok
16:50:00.0935 3888 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:50:00.0935 3888 MpFilter - ok
16:50:01.0013 3888 MpKsl42d174ff (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\MpKsl42d174ff.sys
16:50:01.0013 3888 MpKsl42d174ff - ok
16:50:01.0044 3888 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:50:01.0044 3888 mraid35x - ok
16:50:01.0091 3888 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:50:01.0091 3888 MRxDAV - ok
16:50:01.0169 3888 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:50:01.0169 3888 MRxSmb - ok
16:50:01.0201 3888 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:50:01.0201 3888 MSDTC - ok
16:50:01.0232 3888 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:50:01.0232 3888 Msfs - ok
16:50:01.0232 3888 MSIServer - ok
16:50:01.0294 3888 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:50:01.0294 3888 MSKSSRV - ok
16:50:01.0419 3888 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:50:01.0419 3888 MsMpSvc - ok
16:50:01.0451 3888 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:50:01.0451 3888 MSPCLOCK - ok
16:50:01.0451 3888 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:50:01.0451 3888 MSPQM - ok
16:50:01.0482 3888 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:50:01.0482 3888 mssmbios - ok
16:50:01.0529 3888 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:50:01.0529 3888 MSTEE - ok
16:50:01.0576 3888 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:50:01.0576 3888 Mup - ok
16:50:01.0607 3888 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:50:01.0607 3888 NABTSFEC - ok
16:50:01.0654 3888 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:50:01.0669 3888 napagent - ok
16:50:01.0716 3888 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:50:01.0716 3888 NDIS - ok
16:50:01.0748 3888 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:50:01.0763 3888 NdisIP - ok
16:50:01.0794 3888 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:50:01.0794 3888 NdisTapi - ok
16:50:01.0841 3888 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:50:01.0857 3888 Ndisuio - ok
16:50:01.0857 3888 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:50:01.0857 3888 NdisWan - ok
16:50:01.0919 3888 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:50:01.0919 3888 NDProxy - ok
16:50:01.0966 3888 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
16:50:01.0966 3888 Net Driver HPZ12 - ok
16:50:01.0998 3888 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:50:01.0998 3888 NetBIOS - ok
16:50:02.0044 3888 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:50:02.0044 3888 NetBT - ok
16:50:02.0091 3888 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:50:02.0107 3888 NetDDE - ok
16:50:02.0107 3888 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:50:02.0107 3888 NetDDEdsdm - ok
16:50:02.0138 3888 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:50:02.0138 3888 Netlogon - ok
16:50:02.0185 3888 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:50:02.0185 3888 Netman - ok
16:50:02.0357 3888 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:50:02.0373 3888 NetTcpPortSharing - ok
16:50:02.0388 3888 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:50:02.0404 3888 NIC1394 - ok
16:50:02.0466 3888 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:50:02.0466 3888 Nla - ok
16:50:02.0513 3888 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:50:02.0513 3888 Npfs - ok
16:50:02.0576 3888 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:50:02.0591 3888 Ntfs - ok
16:50:02.0591 3888 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:50:02.0591 3888 NtLmSsp - ok
16:50:02.0654 3888 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:50:02.0669 3888 NtmsSvc - ok
16:50:02.0685 3888 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:50:02.0685 3888 Null - ok
16:50:02.0716 3888 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:50:02.0716 3888 NwlnkFlt - ok
16:50:02.0732 3888 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:50:02.0732 3888 NwlnkFwd - ok
16:50:02.0904 3888 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:50:02.0904 3888 odserv - ok
16:50:02.0951 3888 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:50:02.0951 3888 ohci1394 - ok
16:50:02.0998 3888 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:50:02.0998 3888 ose - ok
16:50:03.0029 3888 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:50:03.0029 3888 Parport - ok
16:50:03.0060 3888 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:50:03.0060 3888 PartMgr - ok
16:50:03.0091 3888 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:50:03.0091 3888 ParVdm - ok
16:50:03.0107 3888 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:50:03.0107 3888 PCI - ok
16:50:03.0107 3888 PCIDump - ok
16:50:03.0138 3888 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:50:03.0138 3888 PCIIde - ok
16:50:03.0169 3888 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:50:03.0169 3888 Pcmcia - ok
16:50:03.0169 3888 PDCOMP - ok
16:50:03.0185 3888 PDFRAME - ok
16:50:03.0185 3888 PDRELI - ok
16:50:03.0201 3888 PDRFRAME - ok
16:50:03.0232 3888 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:50:03.0232 3888 perc2 - ok
16:50:03.0248 3888 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:50:03.0248 3888 perc2hib - ok
16:50:03.0310 3888 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
16:50:03.0310 3888 PlugPlay - ok
16:50:03.0357 3888 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
16:50:03.0357 3888 pmem - ok
16:50:03.0404 3888 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
16:50:03.0419 3888 Pml Driver HPZ12 - ok
16:50:03.0466 3888 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:50:03.0466 3888 PolicyAgent - ok
16:50:03.0576 3888 Power Manager DBC Service (f4be7426345fee3ff88834cdea77e9a1) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
16:50:03.0576 3888 Power Manager DBC Service - ok
16:50:03.0638 3888 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:50:03.0638 3888 PptpMiniport - ok
16:50:03.0638 3888 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:50:03.0638 3888 ProtectedStorage - ok
16:50:03.0669 3888 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
16:50:03.0669 3888 psadd - ok
16:50:03.0685 3888 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:50:03.0685 3888 PSched - ok
16:50:03.0685 3888 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:50:03.0701 3888 Ptilink - ok
16:50:03.0732 3888 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:50:03.0732 3888 PxHelp20 - ok
16:50:03.0826 3888 QBCFMonitorService (27e26a7dbc17860630ce5065019c348f) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:50:03.0826 3888 QBCFMonitorService - ok
16:50:03.0873 3888 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:50:03.0873 3888 QBFCService - ok
16:50:04.0029 3888 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
16:50:04.0044 3888 QBVSS - ok
16:50:04.0216 3888 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:50:04.0232 3888 ql1080 - ok
16:50:04.0232 3888 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:50:04.0232 3888 Ql10wnt - ok
16:50:04.0263 3888 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:50:04.0263 3888 ql12160 - ok
16:50:04.0310 3888 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:50:04.0310 3888 ql1240 - ok
16:50:04.0326 3888 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:50:04.0326 3888 ql1280 - ok
16:50:04.0373 3888 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:50:04.0373 3888 RasAcd - ok
16:50:04.0451 3888 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:50:04.0451 3888 RasAuto - ok
16:50:04.0482 3888 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:50:04.0482 3888 Rasl2tp - ok
16:50:04.0576 3888 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:50:04.0576 3888 RasMan - ok
16:50:04.0591 3888 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:50:04.0591 3888 RasPppoe - ok
16:50:04.0623 3888 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:50:04.0623 3888 Raspti - ok
16:50:04.0669 3888 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:50:04.0685 3888 Rdbss - ok
16:50:04.0732 3888 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:50:04.0732 3888 RDPCDD - ok
16:50:04.0810 3888 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:50:04.0810 3888 rdpdr - ok
16:50:04.0888 3888 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
16:50:04.0888 3888 RDPWD - ok
16:50:04.0951 3888 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:50:04.0951 3888 RDSessMgr - ok
16:50:05.0060 3888 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:50:05.0060 3888 redbook - ok
16:50:05.0107 3888 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:50:05.0107 3888 RemoteAccess - ok
16:50:05.0154 3888 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:50:05.0154 3888 RemoteRegistry - ok
16:50:05.0201 3888 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
16:50:05.0216 3888 rimmptsk - ok
16:50:05.0216 3888 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
16:50:05.0216 3888 rimsptsk - ok
16:50:05.0248 3888 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
16:50:05.0248 3888 rismxdp - ok
16:50:05.0310 3888 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:50:05.0310 3888 RpcLocator - ok
16:50:05.0388 3888 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
16:50:05.0388 3888 RpcSs - ok
16:50:05.0419 3888 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:50:05.0419 3888 RSVP - ok
16:50:05.0466 3888 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:50:05.0466 3888 SamSs - ok
16:50:05.0544 3888 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
16:50:05.0544 3888 SCardSvr - ok
16:50:05.0607 3888 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
16:50:05.0623 3888 Schedule - ok
16:50:05.0669 3888 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:50:05.0669 3888 sdbus - ok
16:50:05.0701 3888 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:50:05.0701 3888 Secdrv - ok
16:50:05.0748 3888 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
16:50:05.0748 3888 seclogon - ok
16:50:05.0763 3888 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
16:50:05.0763 3888 SENS - ok
16:50:05.0794 3888 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:50:05.0794 3888 Serial - ok
16:50:05.0810 3888 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
16:50:05.0810 3888 sffdisk - ok
16:50:05.0826 3888 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
16:50:05.0826 3888 sffp_sd - ok
16:50:05.0857 3888 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:50:05.0857 3888 Sfloppy - ok
16:50:05.0935 3888 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
16:50:05.0951 3888 SharedAccess - ok
16:50:05.0998 3888 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:50:05.0998 3888 ShellHWDetection - ok
16:50:06.0076 3888 Shockprf (2108fc5934843e5f346a715e71fa79f9) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
16:50:06.0076 3888 Shockprf - ok
16:50:06.0076 3888 Simbad - ok
16:50:06.0107 3888 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:50:06.0123 3888 sisagp - ok
16:50:06.0185 3888 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
16:50:06.0201 3888 SkypeUpdate - ok
16:50:06.0232 3888 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:50:06.0232 3888 SLIP - ok
16:50:06.0419 3888 SNP2UVC (1ef34706531b188d1ce12127d8233e87) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
16:50:06.0451 3888 SNP2UVC - ok
16:50:06.0623 3888 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:50:06.0623 3888 Sparrow - ok
16:50:06.0669 3888 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:50:06.0669 3888 splitter - ok
16:50:06.0716 3888 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
16:50:06.0716 3888 Spooler - ok
16:50:06.0779 3888 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:50:06.0779 3888 sr - ok
16:50:06.0841 3888 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
16:50:06.0841 3888 srservice - ok
16:50:06.0919 3888 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:50:06.0935 3888 Srv - ok
16:50:06.0982 3888 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
16:50:06.0982 3888 SSDPSRV - ok
16:50:07.0044 3888 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
16:50:07.0060 3888 stisvc - ok
16:50:07.0091 3888 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:50:07.0091 3888 streamip - ok
16:50:07.0294 3888 SUService (c2191c1a5dfed0795e3d3b68905b195b) c:\program files\lenovo\system update\suservice.exe
16:50:07.0294 3888 SUService - ok
16:50:07.0310 3888 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:50:07.0310 3888 swenum - ok
16:50:07.0326 3888 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:50:07.0326 3888 swmidi - ok
16:50:07.0326 3888 SwPrv - ok
16:50:07.0357 3888 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:50:07.0357 3888 symc810 - ok
16:50:07.0404 3888 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:50:07.0404 3888 symc8xx - ok
16:50:07.0404 3888 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:50:07.0404 3888 sym_hi - ok
16:50:07.0419 3888 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:50:07.0419 3888 sym_u3 - ok
16:50:07.0466 3888 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:50:07.0466 3888 sysaudio - ok
16:50:07.0513 3888 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
16:50:07.0513 3888 SysmonLog - ok
16:50:07.0560 3888 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
16:50:07.0576 3888 TapiSrv - ok
16:50:07.0654 3888 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:50:07.0669 3888 Tcpip - ok
16:50:07.0701 3888 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:50:07.0701 3888 TDPIPE - ok
16:50:07.0716 3888 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:50:07.0716 3888 TDTCP - ok
16:50:07.0748 3888 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:50:07.0748 3888 TermDD - ok
16:50:07.0826 3888 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
16:50:07.0826 3888 TermService - ok
16:50:07.0888 3888 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:50:07.0888 3888 Themes - ok
16:50:08.0107 3888 ThinkVantage Registry Monitor Service (1c7b8e69bf9557a17a17f2120892acf9) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
16:50:08.0123 3888 ThinkVantage Registry Monitor Service - ok
16:50:08.0169 3888 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
16:50:08.0169 3888 TlntSvr - ok
16:50:08.0201 3888 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:50:08.0201 3888 TosIde - ok
16:50:08.0232 3888 TPDIGIMN (1282722cf2cc5a88a606b8022d0f8b7e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
16:50:08.0232 3888 TPDIGIMN - ok
16:50:08.0294 3888 TPHDEXLGSVC (5a726e3cc83655ef71912c4775d004f9) C:\WINDOWS\system32\TPHDEXLG.exe
16:50:08.0310 3888 TPHDEXLGSVC - ok
16:50:08.0357 3888 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
16:50:08.0357 3888 TPHKDRV - ok
16:50:08.0404 3888 TPHKSVC (bd87cdc95d68a096268a3efac6c2fe5d) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
16:50:08.0419 3888 TPHKSVC - ok
16:50:08.0435 3888 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
16:50:08.0435 3888 tpm - ok
16:50:08.0482 3888 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
16:50:08.0482 3888 TPPWRIF - ok
16:50:08.0544 3888 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
16:50:08.0544 3888 TrkWks - ok
16:50:08.0576 3888 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
16:50:08.0576 3888 TSMAPIP - ok
16:50:08.0732 3888 TSSCoreService (ddd4a2c9a37b93c7d8a539f785572565) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
16:50:08.0748 3888 TSSCoreService - ok
16:50:08.0810 3888 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
16:50:08.0810 3888 TVT Backup Protection Service - ok
16:50:08.0919 3888 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
16:50:08.0935 3888 TVT Backup Service - ok
16:50:09.0169 3888 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
16:50:09.0185 3888 TVT Scheduler - ok
16:50:09.0419 3888 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
16:50:09.0419 3888 tvtfilter - ok
16:50:09.0435 3888 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
16:50:09.0435 3888 TVTI2C - ok
16:50:09.0576 3888 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
16:50:09.0576 3888 TVT_UpdateMonitor - ok
16:50:09.0638 3888 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:50:09.0638 3888 Udfs - ok
16:50:09.0685 3888 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:50:09.0685 3888 ultra - ok
16:50:09.0716 3888 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
16:50:09.0716 3888 UMWdf - ok
16:50:09.0779 3888 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:50:09.0779 3888 Update - ok
16:50:09.0841 3888 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
16:50:09.0841 3888 upnphost - ok
16:50:09.0857 3888 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
16:50:09.0873 3888 UPS - ok
16:50:09.0904 3888 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:50:09.0904 3888 USBAAPL - ok
16:50:09.0951 3888 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:50:09.0951 3888 usbccgp - ok
16:50:10.0013 3888 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:50:10.0013 3888 usbehci - ok
16:50:10.0029 3888 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:50:10.0029 3888 usbhub - ok
16:50:10.0091 3888 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:50:10.0091 3888 usbprint - ok
16:50:10.0138 3888 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:50:10.0138 3888 usbscan - ok
16:50:10.0185 3888 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:50:10.0185 3888 USBSTOR - ok
16:50:10.0232 3888 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:50:10.0232 3888 usbuhci - ok
16:50:10.0294 3888 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:50:10.0310 3888 usbvideo - ok
16:50:10.0341 3888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:50:10.0341 3888 VgaSave - ok
16:50:10.0373 3888 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:50:10.0373 3888 viaagp - ok
16:50:10.0388 3888 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:50:10.0388 3888 ViaIde - ok
16:50:10.0435 3888 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:50:10.0435 3888 VolSnap - ok
16:50:10.0544 3888 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
16:50:10.0560 3888 VSS - ok
16:50:10.0607 3888 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
16:50:10.0623 3888 W32Time - ok
16:50:10.0638 3888 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:50:10.0638 3888 Wanarp - ok
16:50:10.0748 3888 Wdf01000 (8b35229d2761bc8ed526cb69e4f6685e) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:50:10.0748 3888 Wdf01000 - ok
16:50:10.0763 3888 WDICA - ok
16:50:10.0810 3888 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:50:10.0810 3888 wdmaud - ok
16:50:10.0873 3888 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
16:50:10.0873 3888 WebClient - ok
16:50:10.0998 3888 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:50:11.0013 3888 winachsf - ok
16:50:11.0123 3888 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:50:11.0138 3888 winmgmt - ok
16:50:11.0326 3888 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe
16:50:11.0341 3888 WMConnectCDS - ok
16:50:11.0357 3888 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
16:50:11.0357 3888 WmdmPmSN - ok
16:50:11.0451 3888 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
16:50:11.0466 3888 Wmi - ok
16:50:11.0560 3888 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:50:11.0560 3888 WmiAcpi - ok
16:50:11.0638 3888 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:50:11.0654 3888 WmiApSrv - ok
16:50:11.0701 3888 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:50:11.0701 3888 WpdUsb - ok
16:50:11.0748 3888 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:50:11.0748 3888 WS2IFSL - ok
16:50:11.0810 3888 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
16:50:11.0810 3888 wscsvc - ok
16:50:11.0826 3888 WSearch - ok
16:50:11.0888 3888 WSIMD (21ac4f228f3d36876a42277c76a766c0) C:\WINDOWS\system32\DRIVERS\wsimd.sys
16:50:11.0888 3888 WSIMD - ok
16:50:11.0935 3888 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:50:11.0935 3888 WSTCODEC - ok
16:50:11.0982 3888 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
16:50:11.0982 3888 wuauserv - ok
16:50:12.0029 3888 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
16:50:12.0044 3888 WZCSVC - ok
16:50:12.0076 3888 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
16:50:12.0091 3888 xmlprov - ok
16:50:12.0107 3888 MBR (0x1B8) (6c8a14fa1c7d0cde471c7f474b55d28a) \Device\Harddisk0\DR0
16:50:12.0857 3888 \Device\Harddisk0\DR0 - ok
16:50:12.0919 3888 Boot (0x1200) (23e93a79ba7cdf5216c03c80fc67a6aa) \Device\Harddisk0\DR0\Partition0
16:50:12.0919 3888 \Device\Harddisk0\DR0\Partition0 - ok
16:50:12.0919 3888 ============================================================
16:50:12.0919 3888 Scan finished
16:50:12.0919 3888 ============================================================
16:50:12.0935 0548 Detected object count: 0
16:50:12.0935 0548 Actual detected object count: 0

Edited by PlutoISaPlanet, 04 August 2012 - 06:58 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 04 August 2012 - 07:05 PM

ok let me have the aswMBR report please



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 04 August 2012 - 09:58 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 16:54:47
-----------------------------
16:54:47.419 OS Version: Windows 5.1.2600 Service Pack 3
16:54:47.419 Number of processors: 2 586 0x170A
16:54:47.419 ComputerName: user_R500 UserName: user
16:54:51.388 Initialize success
16:58:57.029 AVAST engine defs: 12080401
16:59:00.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:59:00.966 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
16:59:01.013 Disk 0 MBR read successfully
16:59:01.013 Disk 0 MBR scan
16:59:01.076 Disk 0 unknown MBR code
16:59:01.091 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 470735 MB offset 63
16:59:01.138 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6201 MB offset 964066320
16:59:01.435 Disk 0 scanning sectors +976767120
16:59:01.560 Disk 0 scanning C:\WINDOWS\system32\drivers
16:59:32.498 Service scanning
17:00:01.263 Service MpKsl42d174ff c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\MpKsl42d174ff.sys **LOCKED** 32
17:00:35.904 Modules scanning
17:00:49.685 Disk 0 trace - called modules:
17:00:49.716 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
17:00:49.716 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac53ab8]
17:00:49.732 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000087[0x8acb4440]
17:00:49.732 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a718028]
17:00:53.029 AVAST engine scan C:\WINDOWS
17:01:18.201 AVAST engine scan C:\WINDOWS\system32
17:10:36.138 AVAST engine scan C:\WINDOWS\system32\drivers
17:11:32.123 AVAST engine scan C:\Documents and Settings\user.DOMAIN
17:14:03.529 File: C:\Documents and Settings\user.DOMAIN\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll **INFECTED** Win32:Adware-gen [Adw]
17:14:13.654 File: C:\Documents and Settings\user.DOMAIN\Application Data\Mozilla\Firefox\Profiles\1ya1nklm.default\extensions\links@rivalgaming.com\components\xpcomponent.dll **INFECTED** Win32:Adware-gen [Adw]
17:39:09.877 AVAST engine scan C:\Documents and Settings\All Users
17:42:30.128 Scan finished successfully
19:56:52.044 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user.DOMAIN\Desktop\MBR.dat"
19:56:52.044 The log file has been saved successfully to "C:\Documents and Settings\user.DOMAIN\Desktop\aswMBR.txt"

Thanks!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 04 August 2012 - 11:49 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Folder::
C:\Documents and Settings\user.DOMAIN\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
C:\Documents and Settings\user.DOMAIN\Application Data\Mozilla\Firefox\Profiles\1ya1nklm.default\extensions\links@rivalgaming.com
c:\documents and settings\USER.DOMAIN\Application Data\searchquband
c:\documents and settings\USER.DOMAIN\Local Settings\Application Data\Ilivid Player
c:\program files\iLivid
c:\documents and settings\USER.DOMAIN\Application Data\searchqutoolbar
c:\documents and settings\All Users\Application Data\boost_interprocess
c:\program files\Searchqu Toolbar
c:\program files\Video Download Converter
c:\program files\VideoDownloadConverter_4z
c:\progra~1\SEARCH~1

FireFox::
FF - ProfilePath - c:\documents and settings\USER.DOMAIN\Application Data\Mozilla\Firefox\Profiles\1ya1nklm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=

DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=HJman000&ptb=9B8EECDD-DA80-43FA-805B-12E713BE7C38&si=5

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 05 August 2012 - 01:37 AM

ComboFix 12-08-05.02 - rDOMAIN 08/04/2012 23:15:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.2049 [GMT -7:00]
Running from: c:\documents and settings\rDOMAIN.DOMAIN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\rDOMAIN.DOMAIN\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\boost_interprocess
c:\documents and settings\All Users\Application Data\boost_interprocess\F0A9E2667E5BCD01\{1832B446-3F6D-4880-99C1-0B3B26170D94}
c:\documents and settings\All Users\Application Data\TEMP
c:\progra~1\SEARCH~1
c:\progra~1\SEARCH~1\Datamngr\BrowserConnection.dll
c:\progra~1\SEARCH~1\Datamngr\datamngr.dll
c:\progra~1\SEARCH~1\Datamngr\datamngrUI.exe
c:\progra~1\SEARCH~1\Datamngr\DnsBHO.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\chrome.manifest
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\DataMngr.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\overlay.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\overlay.xul
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\RequestPreserver.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\SettingManager.js
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\content\Settings.xml
c:\progra~1\SEARCH~1\Datamngr\FirefoxExtension\install.rdf
c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
c:\progra~1\SEARCH~1\Datamngr\ToolBar\as_guid.dat
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\external.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\preferences.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\template.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\vmncode.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\ca.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\divider.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\ebay.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\email.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\email_on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\facebook.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\games.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\grey.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\images.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\imesh.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\logo.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\mail.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\music.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\news.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\orange.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search-over.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\settings.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\shopping.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\technorati.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\translate.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\video.bmp
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.css
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\weather.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\web.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\youtube.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\chrome\skin\zoom.png
c:\progra~1\SEARCH~1\Datamngr\ToolBar\components\windowmediator.js
c:\progra~1\SEARCH~1\Datamngr\ToolBar\dtUser.exe
c:\progra~1\SEARCH~1\Datamngr\ToolBar\manifest.xml
c:\progra~1\SEARCH~1\Datamngr\ToolBar\searchquband.dll
c:\progra~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
c:\progra~1\SEARCH~1\Datamngr\ToolBar\uninstall.exe
c:\progra~1\SEARCH~1\sysid.ini
c:\progra~1\SEARCH~1\uninstall.exe
c:\program files\iLivid
c:\program files\iLivid\fantastic\fantasticInst.exe
c:\program files\iLivid\fantastic\icon.ico
c:\program files\iLivid\ftalk.ico
c:\program files\iLivid\Helper.dll
c:\program files\iLivid\ilivid.exe
c:\program files\iLivid\ilivid.ico
c:\program files\iLivid\imageformats\qgif4.dll
c:\program files\iLivid\imageformats\qjpeg4.dll
c:\program files\iLivid\libeay32.dll
c:\program files\iLivid\libgcc_s_dw2-1.dll
c:\program files\iLivid\mingwm10.dll
c:\program files\iLivid\phonon4.dll
c:\program files\iLivid\QtCore4.dll
c:\program files\iLivid\QtGui4.dll
c:\program files\iLivid\QtNetwork4.dll
c:\program files\iLivid\QtScript4.dll
c:\program files\iLivid\QtSvg4.dll
c:\program files\iLivid\QtWebKit4.dll
c:\program files\iLivid\QtXmlPatterns4.dll
c:\program files\iLivid\script.qscript
c:\program files\iLivid\script1.81.qscript
c:\program files\iLivid\ssleay32.dll
c:\program files\iLivid\uninstall.exe
c:\program files\Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RequestPreserver.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Searchqu Toolbar\sysid.ini
c:\program files\Searchqu Toolbar\uninstall.exe
c:\program files\Video Download Converter
c:\program files\Video Download Converter\DevComponents.DotNetBar2.dll
c:\program files\Video Download Converter\ffmpeg.exe
c:\program files\Video Download Converter\FLVPlayer.exe
c:\program files\Video Download Converter\unins000.dat
c:\program files\Video Download Converter\unins000.exe
c:\program files\Video Download Converter\Video Download Converter.exe
c:\program files\Video Download Converter\Video Download Converter.exe.config
c:\program files\VideoDownloadConverter_4z
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zregfft.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\CHROME.MANIFEST
c:\program files\VideoDownloadConverter_4z\bar\1.bin\chrome\4zffxtbr.jar
c:\program files\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL
c:\program files\VideoDownloadConverter_4z\bar\1.bin\CrExtP4z.exe
c:\program files\VideoDownloadConverter_4z\bar\1.bin\INSTALL.RDF
c:\program files\VideoDownloadConverter_4z\bar\1.bin\installKeys.js
c:\program files\VideoDownloadConverter_4z\bar\1.bin\LOGO.BMP
c:\program files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
c:\program files\VideoDownloadConverter_4z\bar\1.bin\T8EXTEX.DLL
c:\program files\VideoDownloadConverter_4z\bar\1.bin\T8EXTPEX.DLL
c:\program files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL
c:\program files\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL
c:\program files\VideoDownloadConverter_4z\bar\1.bin\T8TICKER.DLL
c:\program files\VideoDownloadConverter_4z\bar\1.bin\ThirdPartyInstallers\VDC_Silent.exe
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED1078A
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED11E3F
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED13B8B.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED14CD1.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED152BC.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED15A3E.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED160A7.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED16450.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\2ED165E6.bmp
c:\program files\VideoDownloadConverter_4z\bar\Cache\files.ini
c:\program files\VideoDownloadConverter_4z\bar\gen1\COMMON.T8S
c:\program files\VideoDownloadConverter_4z\bar\History\search3
c:\program files\VideoDownloadConverter_4z\bar\IE9Mesg\COMMON.T8S
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON.T8S
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\8_step1.gif
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\anemone.js
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\bd_grad.gif
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\hpguard.js
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\hpguard1.htm
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\hpguard2.htm
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\hpp_ok.png
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\hpp_x.png
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\hpp_x2.png
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\index.htm
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\mid_dots.gif
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\mws_logo.gif
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\protect.htm
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\rebut4b.htm
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\shield.png
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\stop.gif
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\systrayp.htm
c:\program files\VideoDownloadConverter_4z\bar\Message\COMMON\tp_grad.gif
c:\program files\VideoDownloadConverter_4z\bar\Settings\prevcfg2.htm
c:\program files\VideoDownloadConverter_4z\bar\Settings\s_pid.dat
c:\program files\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\PopupProperties206581960.html
c:\program files\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\PopupProperties206581966.html
c:\program files\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\Radio.html
c:\program files\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\VideosBtn.html
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 06:06 . 2012-08-05 06:06 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\offreg.dll
2012-08-04 23:26 . 2012-08-04 23:26 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\MpKsl42d174ff.sys
2012-08-03 16:08 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\mpengine.dll
2012-08-02 16:02 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-30 23:49 . 2012-07-30 23:49 -------- d-sh--w- c:\documents and settings\rDOMAIN\IETldCache
2012-07-29 22:50 . 2012-07-29 22:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-16 20:50 . 2012-07-16 20:50 -------- d-----w- c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Malwarebytes
2012-07-06 14:01 . 2012-07-06 14:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 14:01 . 2011-07-28 21:29 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2011-07-28 22:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2008-07-21 22:50 1866112 ------w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-07-21 22:49 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-07-21 22:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-21 22:50 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2008-07-21 22:01 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2008-07-21 22:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-07-21 22:01 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-07-21 22:49 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2008-07-21 22:01 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2008-07-21 22:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2008-07-21 22:01 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2008-07-21 22:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2011-07-29 22:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2011-07-29 22:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2011-07-29 22:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-07-21 22:49 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-30 04:22 . 2012-05-10 14:59 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-16 15:08 . 2008-07-21 22:50 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-07-21 22:49 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-07-21 22:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-07-21 22:49 385024 ------w- c:\windows\system32\html.iec
2011-12-11 06:17 . 2011-07-28 21:25 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_22.29.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-04 23:25 . 2012-08-04 23:25 16384 c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ------w- c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-09-05 1240992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-07 167936]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-13 16384]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-05-15 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-19 2305912]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2006-10-21 73728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\rDOMAIN.DOMAIN\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-7-28 50688]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-5-14 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2012-5-14 1178984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-10-27 01:41 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\rDOMAIN.DOMAIN\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 5:57 PM 20520]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/10/2012 7:59 AM 242240]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/23/2008 1:15 AM 13480]
R1 MpKsl42d174ff;MpKsl42d174ff;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97BCABE1-1B33-4B32-973B-56B72348DB59}\MpKsl42d174ff.sys [8/4/2012 4:26 PM 29904]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10/26/2008 6:33 PM 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [10/26/2008 6:38 PM 98304]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [7/28/2011 12:36 PM 53248]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/14/2009 6:58 PM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 3:34 PM 520192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [7/28/2011 12:15 PM 482176]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 3:54 PM 37312]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2011 9:09 AM 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/14/2009 6:58 PM 45424]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 5:50 PM 360448]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [10/26/2008 6:38 PM 106496]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10/26/2008 6:41 PM 118784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2011 9:09 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/29/2012 3:50 PM 40776]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 52437199
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL42D174FF
*Deregistered* - 52437199
*Deregistered* - aswMBR
*Deregistered* - WAM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-08-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd17cf7f79c6ee.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 06:15]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd17cf80b9420a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-01 06:15]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837682630-1215160974-2102413119-1119Core1cd07dc7bc14a9e.job
- c:\documents and settings\rDOMAIN.DOMAIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-28 06:15]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-837682630-1215160974-2102413119-1119UA.job
- c:\documents and settings\rDOMAIN.DOMAIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-28 06:15]
.
2012-08-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-05-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-08-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-07-28 04:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: adp.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\rDOMAIN.DOMAIN\Application Data\Mozilla\Firefox\Profiles\1ya1nklm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\SEARCH~1\Datamngr\DATAMN~1.EXE
AddRemove-iLivid - c:\program files\iLivid\uninstall.exe
AddRemove-Searchqu Toolbar - c:\program files\Searchqu Toolbar\uninstall.exe
AddRemove-VDC_is1 - c:\program files\Video Download Converter\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-04 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\igfxdev.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
Completion time: 2012-08-04 23:34:28
ComboFix-quarantined-files.txt 2012-08-05 06:34
ComboFix2.txt 2012-07-30 20:59
.
Pre-Run: 373,870,862,336 bytes free
Post-Run: 374,058,631,168 bytes free
.
- - End Of File - - E429A9D4C5C92189AE2BD441640A0825

no problems running Combofix. I'll let you know how the computer's doing after a bit of playing with it.
Thanks.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 05 August 2012 - 03:01 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

iLivid
Java™ 6 Update 31
Searchqu Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 05 August 2012 - 03:53 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
rUSER :: USER_R500 [administrator]

8/5/2012 1:35:49 PM
mbam-log-2012-08-05 (13-35-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246085
Time elapsed: 12 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:53:09 PM, on 8/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcfcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intuit\QuickBooks 2011\qbhelp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\USER.DOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER.DOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER.DOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER.DOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\USER.DOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\USER.DOMAIN\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\USER.DOMAIN\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx/tts/TimeTrackingV2.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DOMAINassociates.com
O17 - HKLM\Software\..\Telephony: DomainName = DOMAINassociates.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DOMAINassociates.com
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 17853 bytes

I'll have a good idea of how the computer's running tomorrow after working on it. Thank you for your help.

Edited by PlutoISaPlanet, 05 August 2012 - 03:54 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:23 AM

Posted 05 August 2012 - 04:09 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
      O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
      O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
      O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
      O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
      O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
      O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
      O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - Startup: Dropbox.lnk = C:\Documents and Settings\USER.DOMAIN\Application Data\Dropbox\bin\Dropbox.exe
      O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
      O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 PlutoISaPlanet

PlutoISaPlanet
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 06 August 2012 - 03:30 PM

ESET Log:

C:\Documents and Settings\user.DOMAIN\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application
C:\Documents and Settings\user.DOMAIN\Application Data\Mozilla\Firefox\Profiles\1ya1nklm.default\extensions\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application
C:\Documents and Settings\user.DOMAIN\My Documents\DTLite4454-0315.exe Win32/OpenCandy application
C:\Documents and Settings\user.DOMAIN\My Documents\Downloads\Unconfirmed 10430.crdownload probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Documents and Settings\user.DOMAIN\My Documents\Downloads\VideoDownloadConvertSetup2.5.3.20.HJman000.exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Qoobox\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll.vir probably a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL.vir probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll.vir a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\PROGRA~1\SEARCH~1\Datamngr\DnsBHO.dll.vir a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP445\A0046768.dll a variant of Win32/Adware.Gamevance.CG application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP445\A0046770.exe Win32/Adware.Gamevance.CP application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP445\A0046789.exe a variant of Win32/Adware.Gamevance.CJ application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP460\A0052339.dll probably a variant of Win32/Adware.Gamevance.CI application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053659.dll a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053661.dll a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053675.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053712.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053717.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053720.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053725.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053731.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\System Volume Information\_restore{7471DDEE-C517-42CF-B462-8B6EFDC18CC5}\RP466\A0053742.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users