Solved MSE detects Win32/Hoicfh.A but cannot clear issue

Status
Not open for further replies.
********* continued ************

c:\program files (x86)\iLivid
c:\program files (x86)\iLivid\fantastic\fantasticInst.exe
c:\program files (x86)\iLivid\fantastic\icon.ico
c:\program files (x86)\iLivid\ftalk.ico
c:\program files (x86)\iLivid\Helper.dll
c:\program files (x86)\iLivid\ilivid.exe
c:\program files (x86)\iLivid\ilivid.ico
c:\program files (x86)\iLivid\imageformats\qgif4.dll
c:\program files (x86)\iLivid\imageformats\qjpeg4.dll
c:\program files (x86)\iLivid\libeay32.dll
c:\program files (x86)\iLivid\libgcc_s_dw2-1.dll
c:\program files (x86)\iLivid\mingwm10.dll
c:\program files (x86)\iLivid\phonon4.dll
c:\program files (x86)\iLivid\QtCore4.dll
c:\program files (x86)\iLivid\QtGui4.dll
c:\program files (x86)\iLivid\QtNetwork4.dll
c:\program files (x86)\iLivid\QtScript4.dll
c:\program files (x86)\iLivid\QtSvg4.dll
c:\program files (x86)\iLivid\QtWebKit4.dll
c:\program files (x86)\iLivid\QtXmlPatterns4.dll
c:\program files (x86)\iLivid\script.qscript
c:\program files (x86)\iLivid\script1.81.qscript
c:\program files (x86)\iLivid\ssleay32.dll
c:\program files (x86)\iLivid\uninstall.exe
c:\program files (x86)\iLivid\VLC\activex\axvlc.dll
c:\program files (x86)\iLivid\VLC\activex\axvlc.dll.manifest
c:\program files (x86)\iLivid\VLC\activex\README.TXT
c:\program files (x86)\iLivid\VLC\activex\test.html
c:\program files (x86)\iLivid\VLC\AUTHORS.txt
c:\program files (x86)\iLivid\VLC\COPYING.txt
c:\program files (x86)\iLivid\VLC\http\.hosts
c:\program files (x86)\iLivid\VLC\http\dialogs\.hosts
c:\program files (x86)\iLivid\VLC\http\dialogs\browse
c:\program files (x86)\iLivid\VLC\http\dialogs\footer
c:\program files (x86)\iLivid\VLC\http\dialogs\input
c:\program files (x86)\iLivid\VLC\http\dialogs\main
c:\program files (x86)\iLivid\VLC\http\dialogs\mosaic
c:\program files (x86)\iLivid\VLC\http\dialogs\playlist
c:\program files (x86)\iLivid\VLC\http\dialogs\sout
c:\program files (x86)\iLivid\VLC\http\dialogs\vlm
c:\program files (x86)\iLivid\VLC\http\favicon.ico
c:\program files (x86)\iLivid\VLC\http\flash.html
c:\program files (x86)\iLivid\VLC\http\iehacks.css
c:\program files (x86)\iLivid\VLC\http\images\delete.png
c:\program files (x86)\iLivid\VLC\http\images\delete_small.png
c:\program files (x86)\iLivid\VLC\http\images\eject.png
c:\program files (x86)\iLivid\VLC\http\images\empty.png
c:\program files (x86)\iLivid\VLC\http\images\fullscreen.png
c:\program files (x86)\iLivid\VLC\http\images\help.png
c:\program files (x86)\iLivid\VLC\http\images\info.png
c:\program files (x86)\iLivid\VLC\http\images\loop.png
c:\program files (x86)\iLivid\VLC\http\images\minus.png
c:\program files (x86)\iLivid\VLC\http\images\next.png
c:\program files (x86)\iLivid\VLC\http\images\pause.png
c:\program files (x86)\iLivid\VLC\http\images\play.png
c:\program files (x86)\iLivid\VLC\http\images\playlist.png
c:\program files (x86)\iLivid\VLC\http\images\playlist_small.png
c:\program files (x86)\iLivid\VLC\http\images\plus.png
c:\program files (x86)\iLivid\VLC\http\images\prev.png
c:\program files (x86)\iLivid\VLC\http\images\refresh.png
c:\program files (x86)\iLivid\VLC\http\images\repeat.png
c:\program files (x86)\iLivid\VLC\http\images\sd.png
c:\program files (x86)\iLivid\VLC\http\images\shuffle.png
c:\program files (x86)\iLivid\VLC\http\images\slider_bar.png
c:\program files (x86)\iLivid\VLC\http\images\slider_left.png
c:\program files (x86)\iLivid\VLC\http\images\slider_point.png
c:\program files (x86)\iLivid\VLC\http\images\slider_right.png
c:\program files (x86)\iLivid\VLC\http\images\slow.png
c:\program files (x86)\iLivid\VLC\http\images\snapshot.png
c:\program files (x86)\iLivid\VLC\http\images\sort.png
c:\program files (x86)\iLivid\VLC\http\images\sout.png
c:\program files (x86)\iLivid\VLC\http\images\speaker.png
c:\program files (x86)\iLivid\VLC\http\images\speaker_mute.png
c:\program files (x86)\iLivid\VLC\http\images\stop.png
c:\program files (x86)\iLivid\VLC\http\images\vlc16x16.png
c:\program files (x86)\iLivid\VLC\http\images\volume_down.png
c:\program files (x86)\iLivid\VLC\http\images\volume_up.png
c:\program files (x86)\iLivid\VLC\http\images\white.png
c:\program files (x86)\iLivid\VLC\http\images\white_cross_small.png
c:\program files (x86)\iLivid\VLC\http\index.html
c:\program files (x86)\iLivid\VLC\http\js\functions.js
c:\program files (x86)\iLivid\VLC\http\js\mosaic.js
c:\program files (x86)\iLivid\VLC\http\js\vlm.js
c:\program files (x86)\iLivid\VLC\http\mosaic.html
c:\program files (x86)\iLivid\VLC\http\requests\browse.xml
c:\program files (x86)\iLivid\VLC\http\requests\playlist.xml
c:\program files (x86)\iLivid\VLC\http\requests\readme.txt
c:\program files (x86)\iLivid\VLC\http\requests\status.xml
c:\program files (x86)\iLivid\VLC\http\requests\vlm.xml
c:\program files (x86)\iLivid\VLC\http\requests\vlm_cmd.xml
c:\program files (x86)\iLivid\VLC\http\style.css
c:\program files (x86)\iLivid\VLC\http\vlm.html
c:\program files (x86)\iLivid\VLC\http\vlm_export.html
c:\program files (x86)\iLivid\VLC\languages\bengali.nsh
c:\program files (x86)\iLivid\VLC\languages\brazilian_portuguese.nsh
c:\program files (x86)\iLivid\VLC\languages\bulgarian.nsh
c:\program files (x86)\iLivid\VLC\languages\catalan.nsh
c:\program files (x86)\iLivid\VLC\languages\danish.nsh
c:\program files (x86)\iLivid\VLC\languages\declaration.nsh
c:\program files (x86)\iLivid\VLC\languages\dutch.nsh
c:\program files (x86)\iLivid\VLC\languages\english.nsh
c:\program files (x86)\iLivid\VLC\languages\estonian.nsh
c:\program files (x86)\iLivid\VLC\languages\finnish.nsh
c:\program files (x86)\iLivid\VLC\languages\french.nsh
c:\program files (x86)\iLivid\VLC\languages\german.nsh
c:\program files (x86)\iLivid\VLC\languages\hungarian.nsh
c:\program files (x86)\iLivid\VLC\languages\italian.nsh
c:\program files (x86)\iLivid\VLC\languages\japanese.nsh
c:\program files (x86)\iLivid\VLC\languages\lithuanian.nsh
c:\program files (x86)\iLivid\VLC\languages\occitan.nsh
c:\program files (x86)\iLivid\VLC\languages\polish.nsh
c:\program files (x86)\iLivid\VLC\languages\punjabi.nsh
c:\program files (x86)\iLivid\VLC\languages\romanian.nsh
c:\program files (x86)\iLivid\VLC\languages\schinese.nsh
c:\program files (x86)\iLivid\VLC\languages\slovak.nsh
c:\program files (x86)\iLivid\VLC\languages\slovenian.nsh
c:\program files (x86)\iLivid\VLC\languages\sorani.nsh
c:\program files (x86)\iLivid\VLC\languages\spanish.nsh
c:\program files (x86)\iLivid\VLC\libvlc.dll
c:\program files (x86)\iLivid\VLC\libvlc.dll.manifest
c:\program files (x86)\iLivid\VLC\libvlccore.dll
c:\program files (x86)\iLivid\VLC\locale\ach\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\af\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\am\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ar\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ast\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\be\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\bg\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\bn\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\br\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ca\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\cgg\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ckb\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\co\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\cs\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\da\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\de\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\el\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\en_GB\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\es\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\et\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\eu\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\fa\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ff\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\fi\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\fr\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\fur\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ga\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\gl\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\he\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\hi\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\hr\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\hu\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\hy\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\id\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\is\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\it\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ja\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ka\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\kk\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\km\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ko\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\lg\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\lt\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\lv\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\mk\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ml\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\mn\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ms\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\my\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\nb\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ne\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\nl\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\nn\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\oc\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\pa\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\pl\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ps\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ro\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ru\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\si\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\sk\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\sl\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\sq\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\sr\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\sv\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\ta\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\tet\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\th\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\tl\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\tr\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\uk\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\vi\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\wa\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\locale\zu\LC_MESSAGES\vlc.mo
c:\program files (x86)\iLivid\VLC\lua\extensions\allocine-fr.lua
c:\program files (x86)\iLivid\VLC\lua\extensions\imdb.lua
c:\program files (x86)\iLivid\VLC\lua\extensions\README.txt
c:\program files (x86)\iLivid\VLC\lua\http\.hosts
c:\program files (x86)\iLivid\VLC\lua\http\custom.lua
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\.hosts
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\browse
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\footer
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\input
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\main
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\mosaic
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\playlist
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\sout
c:\program files (x86)\iLivid\VLC\lua\http\dialogs\vlm
c:\program files (x86)\iLivid\VLC\lua\http\favicon.ico
c:\program files (x86)\iLivid\VLC\lua\http\flash.html
c:\program files (x86)\iLivid\VLC\lua\http\iehacks.css
c:\program files (x86)\iLivid\VLC\lua\http\images\delete.png
c:\program files (x86)\iLivid\VLC\lua\http\images\delete_small.png
c:\program files (x86)\iLivid\VLC\lua\http\images\eject.png
c:\program files (x86)\iLivid\VLC\lua\http\images\empty.png
c:\program files (x86)\iLivid\VLC\lua\http\images\fullscreen.png
c:\program files (x86)\iLivid\VLC\lua\http\images\help.png
c:\program files (x86)\iLivid\VLC\lua\http\images\info.png
c:\program files (x86)\iLivid\VLC\lua\http\images\loop.png
c:\program files (x86)\iLivid\VLC\lua\http\images\minus.png
c:\program files (x86)\iLivid\VLC\lua\http\images\next.png
c:\program files (x86)\iLivid\VLC\lua\http\images\pause.png
c:\program files (x86)\iLivid\VLC\lua\http\images\play.png
c:\program files (x86)\iLivid\VLC\lua\http\images\playlist.png
c:\program files (x86)\iLivid\VLC\lua\http\images\playlist_small.png
c:\program files (x86)\iLivid\VLC\lua\http\images\plus.png
c:\program files (x86)\iLivid\VLC\lua\http\images\prev.png
c:\program files (x86)\iLivid\VLC\lua\http\images\refresh.png
c:\program files (x86)\iLivid\VLC\lua\http\images\repeat.png
c:\program files (x86)\iLivid\VLC\lua\http\images\reset.png
c:\program files (x86)\iLivid\VLC\lua\http\images\sd.png
c:\program files (x86)\iLivid\VLC\lua\http\images\shuffle.png
c:\program files (x86)\iLivid\VLC\lua\http\images\slider_bar.png
c:\program files (x86)\iLivid\VLC\lua\http\images\slider_left.png
c:\program files (x86)\iLivid\VLC\lua\http\images\slider_point.png
c:\program files (x86)\iLivid\VLC\lua\http\images\slider_right.png
c:\program files (x86)\iLivid\VLC\lua\http\images\slow.png
c:\program files (x86)\iLivid\VLC\lua\http\images\snapshot.png
c:\program files (x86)\iLivid\VLC\lua\http\images\sort.png
c:\program files (x86)\iLivid\VLC\lua\http\images\sout.png
c:\program files (x86)\iLivid\VLC\lua\http\images\speaker.png
c:\program files (x86)\iLivid\VLC\lua\http\images\speaker_mute.png
c:\program files (x86)\iLivid\VLC\lua\http\images\stop.png
c:\program files (x86)\iLivid\VLC\lua\http\images\vlc16x16.png
c:\program files (x86)\iLivid\VLC\lua\http\images\volume_down.png
c:\program files (x86)\iLivid\VLC\lua\http\images\volume_up.png
c:\program files (x86)\iLivid\VLC\lua\http\images\white.png
c:\program files (x86)\iLivid\VLC\lua\http\images\white_cross_small.png
c:\program files (x86)\iLivid\VLC\lua\http\index.html
c:\program files (x86)\iLivid\VLC\lua\http\js\functions.js
c:\program files (x86)\iLivid\VLC\lua\http\js\mosaic.js
c:\program files (x86)\iLivid\VLC\lua\http\js\vlm.js
c:\program files (x86)\iLivid\VLC\lua\http\mosaic.html
c:\program files (x86)\iLivid\VLC\lua\http\requests\browse.xml
c:\program files (x86)\iLivid\VLC\lua\http\requests\playlist.xml
c:\program files (x86)\iLivid\VLC\lua\http\requests\readme.txt
c:\program files (x86)\iLivid\VLC\lua\http\requests\status.xml
c:\program files (x86)\iLivid\VLC\lua\http\requests\vlm.xml
c:\program files (x86)\iLivid\VLC\lua\http\requests\vlm_cmd.xml
c:\program files (x86)\iLivid\VLC\lua\http\style.css
c:\program files (x86)\iLivid\VLC\lua\http\vlm.html
c:\program files (x86)\iLivid\VLC\lua\http\vlm_export.html
c:\program files (x86)\iLivid\VLC\lua\intf\dummy.lua
c:\program files (x86)\iLivid\VLC\lua\intf\dumpmeta.lua
c:\program files (x86)\iLivid\VLC\lua\intf\hotkeys.lua
c:\program files (x86)\iLivid\VLC\lua\intf\http.lua
c:\program files (x86)\iLivid\VLC\lua\intf\luac.lua
c:\program files (x86)\iLivid\VLC\lua\intf\modules\common.lua
c:\program files (x86)\iLivid\VLC\lua\intf\modules\host.lua
c:\program files (x86)\iLivid\VLC\lua\intf\rc.lua
c:\program files (x86)\iLivid\VLC\lua\intf\README.txt
c:\program files (x86)\iLivid\VLC\lua\intf\telnet.lua
c:\program files (x86)\iLivid\VLC\lua\meta\art\01_googleimage.lua
c:\program files (x86)\iLivid\VLC\lua\meta\art\02_frenchtv.lua
c:\program files (x86)\iLivid\VLC\lua\meta\art\03_lastfm.lua
c:\program files (x86)\iLivid\VLC\lua\meta\art\04_musicbrainz.lua
c:\program files (x86)\iLivid\VLC\lua\meta\art\README.txt
c:\program files (x86)\iLivid\VLC\lua\meta\fetcher\README.txt
c:\program files (x86)\iLivid\VLC\lua\meta\fetcher\tvrage.lua
c:\program files (x86)\iLivid\VLC\lua\meta\reader\filename.lua
c:\program files (x86)\iLivid\VLC\lua\meta\reader\README.txt
c:\program files (x86)\iLivid\VLC\lua\modules\sandbox.lua
c:\program files (x86)\iLivid\VLC\lua\modules\simplexml.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\anevia_streams.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\anevia_xml.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\appletrailers.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\bbc_co_uk.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\break.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\canalplus.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\cue.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\dailymotion.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\france2.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\googlevideo.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\jamendo.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\joox.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\katsomo.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\koreus.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\lelombrik.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\megavideo.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\metacafe.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\metachannels.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\mpora.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\pinkbike.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\README.txt
c:\program files (x86)\iLivid\VLC\lua\playlist\rockbox_fm_presets.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\vimeo.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\youtube.lua
c:\program files (x86)\iLivid\VLC\lua\playlist\youtube_homepage.lua
c:\program files (x86)\iLivid\VLC\lua\README.txt
c:\program files (x86)\iLivid\VLC\lua\sd\fmc.lua
c:\program files (x86)\iLivid\VLC\lua\sd\freebox.lua
c:\program files (x86)\iLivid\VLC\lua\sd\icecast.lua
c:\program files (x86)\iLivid\VLC\lua\sd\jamendo.lua
c:\program files (x86)\iLivid\VLC\lua\sd\metachannels.lua
c:\program files (x86)\iLivid\VLC\lua\sd\README.txt
c:\program files (x86)\iLivid\VLC\mozilla\npvlc.dll
c:\program files (x86)\iLivid\VLC\mozilla\npvlc.dll.manifest
c:\program files (x86)\iLivid\VLC\NEWS.txt
c:\program files (x86)\iLivid\VLC\NSIS\UAC.dll
c:\program files (x86)\iLivid\VLC\NSIS\UAC.nsh
c:\program files (x86)\iLivid\VLC\osdmenu\default.cfg
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\bw.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\esc.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\fw.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\next.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\play_pause.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\previous.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\stop.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selected\volume.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\bw.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\esc.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\fw.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\next.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\play_pause.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\previous.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\stop.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\selection\volume.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\unselected.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_00.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_01.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_02.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_03.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_04.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_05.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_06.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_07.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_08.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_09.png
c:\program files (x86)\iLivid\VLC\osdmenu\default\volume\volume_10.png
c:\program files (x86)\iLivid\VLC\plugins\liba52_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liba52tofloat32_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liba52tospdif_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_attachment_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_bd_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_fake_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_ftp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_http_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_imem_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_mms_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_output_dummy_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_output_file_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_output_http_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_output_shout_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_output_udp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_realrtsp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_smb_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_tcp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaccess_udp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libadjust_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libadpcm_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaes3_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaiff_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libalphamask_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaout_directx_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaout_file_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaout_sdl_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaraw_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libasf_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libatmo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libau_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaudio_format_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaudiobargraph_a_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaudiobargraph_v_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libaudioscrobbler_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libavcodec_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libavi_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libball_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libbda_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libblend_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libblendbench_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libbluescreen_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcaca_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcanvas_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcc_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcdda_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcdg_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libchain_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libchorus_flanger_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libclone_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcolorthres_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libconverter_fixed_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcrop_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcroppadd_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libcvdsub_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdeinterlace_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdemux_cdg_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdemuxdump_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdirac_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdirect3d_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdirectx_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdmo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdolby_surround_decoder_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdrawable_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdshow_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdts_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdtstofloat32_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdtstospdif_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdummy_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdvbsub_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdvdnav_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libdvdread_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libequalizer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liberase_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libes_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libexport_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libextract_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfaad_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfake_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfilesystem_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libflac_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libflacsys_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfloat32_mixer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfluidsynth_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfolder_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libfreetype_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgaussianblur_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgestures_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libglobalhotkeys_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libglwin32_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgme_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgnutls_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgoom_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgradient_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgrain_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libgrey_yuv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libh264_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libheadphone_channel_mixer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libhotkeys_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi420_rgb_mmx_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi420_rgb_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi420_rgb_sse2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi420_yuy2_mmx_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi420_yuy2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi420_yuy2_sse2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi422_i420_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi422_yuy2_mmx_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi422_yuy2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libi422_yuy2_sse2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libinvert_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libinvmem_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libkate_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblibass_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblibmpeg2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblive555_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblogger_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblogo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblpcm_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liblua_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmagnify_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmarq_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmediadirs_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmemcpy3dn_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmemcpymmx_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmemcpymmxext_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmirror_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmjpeg_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmkv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmod_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmono_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmosaic_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmotionblur_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmotiondetect_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmp4_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmpc_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmpeg_audio_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmpgatofixed32_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmpgv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmsn_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_asf_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_avi_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_dummy_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_mp4_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_mpjpeg_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_ogg_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_ps_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_ts_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libmux_wav_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libnetsync_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libnoise_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libnormvol_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libnsc_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libnsv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libntservice_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libnuv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libogg_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liboldhttp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liboldrc_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\liboldtelnet_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libosd_parser_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libosdmenu_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_copy_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_dirac_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_flac_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_h264_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_mlp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_mpeg4video_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_mpegvideo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpacketizer_vc1_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpanoramix_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libparam_eq_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libplaylist_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpng_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpodcast_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libportaudio_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpostproc_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libprojectm_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libps_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpsychedelic_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpuzzle_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libpva_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libqt4_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libquicktime_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librawaud_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librawdv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librawvid_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librawvideo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libreal_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librealvideo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libremoteosd_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libripple_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librotate_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librss_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librtp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\librv32_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsap_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libscale_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libscaletempo_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libscene_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libschroedinger_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libscreen_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsdl_image_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsharpen_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsimple_channel_mixer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libskins2_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsmf_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libspatializer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libspdif_mixer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libspeex_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libspudec_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstats_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_filter_rar_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_filter_record_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_autodel_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_bridge_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_description_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_display_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_dummy_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_duplicate_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_es_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_gather_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_raop_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_record_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_rtp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_smem_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_standard_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libstream_out_transcode_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsubsdec_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsubsusf_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsubtitle_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libsvcdsub_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libswscale_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libt140_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtaglib_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtheora_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtransform_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtrivial_channel_mixer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtrivial_mixer_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libts_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtta_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libtwolame_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libty_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libugly_resampler_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvc1_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvcd_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvideo_filter_wrapper_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvisual_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvmem_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvobsub_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvoc_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvod_rtsp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvorbis_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvout_sdl_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libvout_wrapper_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libwall_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libwav_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libwave_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libwaveout_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libwingdi_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libx264_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libxa_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libxml_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libxtag_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libyuv_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libyuvp_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libyuy2_i420_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libyuy2_i422_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libzip_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\libzvbi_plugin.dll
c:\program files (x86)\iLivid\VLC\plugins\plugins-04041e-3e8.dat
c:\program files (x86)\iLivid\VLC\README.txt
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\deprecated.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_events.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_media.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_media_discoverer.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_media_library.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_media_list.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_media_list_player.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_media_player.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_structures.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_version.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\libvlc_vlm.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_access.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_acl.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_aout_mixer.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_arrays.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_art_finder.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_avcodec.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_bits.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_block.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_block_helper.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_charset.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_codec.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_common.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_config.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_config_cat.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_configuration.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_cpu.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_demux.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_dialog.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_epg.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_es.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_es_out.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_events.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_filter.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_fourcc.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_fs.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_gcrypt.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_http.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_httpd.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_image.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_inhibit.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_input.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_input_item.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_main.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_md5.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_messages.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_meta.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_modules.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_mouse.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_mtime.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_objects.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_fifo.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_picture_pool.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_playlist.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_plugin.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_probe.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_rand.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_services_discovery.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_sout.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_sql.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_stream.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_strings.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_subpicture.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_threads.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_url.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_variables.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_video_splitter.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_vlm.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_display.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_opengl.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_vout_window.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_xlib.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\plugins\vlc_xml.h
c:\program files (x86)\iLivid\VLC\sdk\include\vlc\vlc.h
c:\program files (x86)\iLivid\VLC\sdk\lib\libvlc.dll.a
c:\program files (x86)\iLivid\VLC\sdk\lib\libvlc.la
c:\program files (x86)\iLivid\VLC\sdk\lib\libvlccore.dll.a
c:\program files (x86)\iLivid\VLC\sdk\lib\libvlccore.la
c:\program files (x86)\iLivid\VLC\sdk\lib\pkgconfig\libvlc.pc
c:\program files (x86)\iLivid\VLC\sdk\lib\pkgconfig\vlc-plugin.pc
c:\program files (x86)\iLivid\VLC\skins\default.vlt
c:\program files (x86)\iLivid\VLC\skins\fonts\FreeSans.ttf
c:\program files (x86)\iLivid\VLC\skins\fonts\FreeSansBold.ttf
c:\program files (x86)\iLivid\VLC\skins\skin.catalog
c:\program files (x86)\iLivid\VLC\skins\skin.dtd
c:\program files (x86)\iLivid\VLC\spad.nsi
c:\program files (x86)\iLivid\VLC\THANKS.txt
c:\program files (x86)\iLivid\VLC\vlc-cache-gen.exe
c:\program files (x86)\iLivid\VLC\vlc.exe
c:\program files (x86)\iLivid\VLC\vlc.exe.manifest
c:\program files (x86)\iLivid\VLC\vlc.ico
c:\program files (x86)\iLivid\VLC\vlc.win32.nsi
 
******* continued ********

c:\program files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\installhelper.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
c:\program files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll
c:\program files (x86)\Searchqu Toolbar\sysid.ini
c:\program files (x86)\Searchqu Toolbar\uninstall.exe
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120718_081551.log
c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20120718_104320.log
c:\program files\Enigma Software Group\SpyHunter\safeol.dat
c:\program files\Enigma Software Group\SpyHunter\scanlog.log
c:\program files\Enigma Software Group\SpyHunter\supportlog.txt
c:\program files\Enigma Software Group\SpyHunter\unkcache.dat
c:\programdata\B282
c:\programdata\B282\{83CC873F-6BDE-4998-8E42-B8B3733BA581}.swf
c:\users\Tom\AppData\Local\Ilivid Player
c:\users\Tom\AppData\Local\Ilivid Player\script.qscript
c:\users\Tom\AppData\Local\PackageAware
c:\users\Tom\AppData\Roaming\DriverCure
c:\users\Tom\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Tom\AppData\Roaming\SpeedyPC Software
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCall.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla2.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla21.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla31.exe
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla32.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla33.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla34.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.dll
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.exe
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseData.ini
.
 
******** continued ************

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_esgiguard
-------\Service_esgiguard
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 19:38 . 2012-07-25 19:38--------d-----w-c:\users\Public\AppData\Local\temp
2012-07-25 19:38 . 2012-07-25 19:38--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
2012-07-25 19:38 . 2012-07-25 19:38--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-25 19:38 . 2012-07-25 19:38--------d-----w-c:\users\Classic .NET AppPool\AppData\Local\temp
2012-07-25 12:51 . 2012-06-29 10:049133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67510547-6CC6-4EEE-AE69-2F02B99F7286}\mpengine.dll
2012-07-25 12:02 . 2012-06-29 10:049133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 19:27 . 2012-07-23 19:27--------d-----w-c:\programdata\boost_interprocess
2012-07-18 12:13 . 2012-07-18 12:13--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-18 01:46 . 2012-07-25 19:49--------d-----w-c:\users\Tom\AppData\Local\Temp
2012-07-18 01:10 . 2012-07-18 01:48--------d-----w-c:\users\Tom\AppData\Local\LogMeIn Rescue Applet
2012-07-18 00:40 . 2012-07-18 14:59--------d-----w-c:\programdata\SpeedyPC Software
2012-07-16 14:28 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-07-16 13:37 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll
2012-07-16 13:37 . 2012-04-28 03:55210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-07-16 13:35 . 2012-04-20 05:42451072----a-w-c:\program files\Internet Explorer\ieproxy.dll
2012-07-16 13:34 . 2012-06-02 04:40225280----a-w-c:\windows\SysWow64\schannel.dll
2012-07-16 13:34 . 2012-06-02 05:4895600----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-16 13:34 . 2012-06-02 04:4022016----a-w-c:\windows\SysWow64\secur32.dll
2012-07-16 13:34 . 2012-06-02 04:3496768----a-w-c:\windows\SysWow64\sspicli.dll
2012-07-16 13:32 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
2012-07-16 13:32 . 2012-04-26 05:41149504----a-w-c:\windows\system32\rdpcorekmts.dll
2012-07-16 13:32 . 2012-04-26 05:349216----a-w-c:\windows\system32\rdrmemptylst.exe
2012-07-16 13:32 . 2012-04-24 05:371462272----a-w-c:\windows\system32\crypt32.dll
2012-07-16 13:32 . 2012-04-24 04:361158656----a-w-c:\windows\SysWow64\crypt32.dll
2012-07-16 13:32 . 2012-04-24 05:37184320----a-w-c:\windows\system32\cryptsvc.dll
2012-07-16 13:32 . 2012-04-24 05:37140288----a-w-c:\windows\system32\cryptnet.dll
2012-07-16 13:32 . 2012-04-24 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-07-16 13:32 . 2012-04-24 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-07-16 11:14 . 2012-07-16 11:14--------d-----w-c:\program files (x86)\Oracle
2012-07-12 12:26 . 2012-07-12 12:269226440----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-04 19:06 . 2012-07-23 19:30--------d--h--w-c:\windows\SysWow64\{71.74.95.131}
2012-07-04 16:56 . 2012-05-03 12:38927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ACA8E6C-DD25-4663-BBFF-C5297E44762B}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:27 . 2012-05-05 11:2570344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:27 . 2012-05-05 11:25426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06 . 2012-05-09 10:38772544----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-07-20 14:11687544----a-w-c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2010-12-12 13:3024904----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-03 07:19 . 2010-09-22 23:1659701280----a-w-c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 10:1138424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:122428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 10:1257880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:1244056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:11701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 10:122622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 10:1199840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 10:11186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 10:1136864----a-w-c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-09-22 22:48279656------w-c:\windows\system32\MpSigStub.exe
2012-05-07 09:33 . 2012-05-07 09:3369000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D5AB106-6E8F-4C25-9CF6-CF69C4B17EB7}\offreg.dll
2012-05-05 11:45 . 2012-05-05 11:45839112----a-w-c:\windows\system32\deployJava1.dll
2012-05-05 11:45 . 2012-05-05 11:45955848----a-w-c:\windows\system32\npDeployJava1.dll
2012-05-03 12:38 . 2012-06-13 17:35927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_12.39.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-24 19:44 . 2012-07-25 19:3910018 c:\windows\system64\wdi\ERCQueuedResolutions.dat
- 2010-11-24 19:44 . 2012-07-18 14:4010018 c:\windows\system64\wdi\ERCQueuedResolutions.dat
- 2010-11-24 19:44 . 2012-07-18 14:4010018 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-11-24 19:44 . 2012-07-25 19:3910018 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-09-22 22:55 . 2012-07-25 12:0216384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 22:55 . 2012-07-25 19:2016384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-22 22:55 . 2012-07-25 12:0216384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-22 22:55 . 2012-07-25 19:2016384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-25 12:38 . 2012-07-25 12:382048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 19:40 . 2012-07-25 19:402048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 19:40 . 2012-07-25 19:402048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 12:38 . 2012-07-25 12:382048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 00:17 . 2012-07-25 19:17384400 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-25 12:05788232 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 19:44788232 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 19:44166464 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05166464 c:\windows\system64\perfc009.dat
+ 2010-09-24 00:17 . 2012-07-25 19:17384400 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-25 19:44788232 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05788232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 19:44166464 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05166464 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-25 12:37396676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-25 19:39396676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03155416----a-w-c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"null-4d8d0ec"="c:\windows\Sun\Java\bin\javaw.exe" [2012-05-05 189384]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"4d8d0ec"="c:\windows\Sun\Java\bin\javaw.exe" [2012-05-05 189384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2008-07-11 58664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 834544]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-11-30 321424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;c:\program files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-05-17 9769800]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcsREG_MULTI_SZ w3svc was
apphostREG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:27]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 22:07]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 22:07]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582047655-2410839964-2795636096-1001Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:27]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582047655-2410839964-2795636096-1001UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:27]
.
2012-07-25 c:\windows\Tasks\Web Studio 5.0 Updates.job
- c:\windows\Installer\Web Studio 5.0 Updates for All Users.lnk [2011-03-07 00:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03188696----a-w-c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup1_Complete]
@="{78061A12-1E91-4446-8B65-8ED2FF328D4A}"
[HKEY_CLASSES_ROOT\CLSID\{78061A12-1E91-4446-8B65-8ED2FF328D4A}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup2_InProgress]
@="{700AD13D-E86F-41C9-9A8F-39B4C438806F}"
[HKEY_CLASSES_ROOT\CLSID\{700AD13D-E86F-41C9-9A8F-39B4C438806F}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup3_Conflicted]
@="{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}"
[HKEY_CLASSES_ROOT\CLSID\{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 375808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF14776.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
Toolbar-10 - (no file)
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\Datamngr\DATAMN~1.EXE
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-iLivid - c:\program files (x86)\iLivid\uninstall.exe
AddRemove-Searchqu Toolbar - c:\program files (x86)\Searchqu Toolbar\uninstall.exe
AddRemove-Wincore MediaBar - c:\program files (x86)\BearShare Applications\MediaBar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-07-25 15:54:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 19:54
ComboFix2.txt 2012-07-25 12:50
.
Pre-Run: 96,639,787,008 bytes free
Post-Run: 96,178,401,280 bytes free
.
- - End Of File - - 5D017748043859ED35AC513B7EAF4EEF
 
More malware to delete...

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    killall::

    Folder::
    c:\programdata\SpeedyPC Software

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "null-4d8d0ec"=-
    "Sidebar"=-
    "4d8d0ec"=-

    File::
    c:\windows\Sun\Java\bin\javaw.exe

    ClearJavaCache::

    Reboot::
    Click to expand...
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Good morning DragonMasterJay... the results of the scan are below. I should report that the machine seems to be doing sooo much better after the first ComboFix routine you had me run. No opinion on the second yet since I just got rebooted and am sending this note.

From the last time I had viral activity, it seemed like ComboFix was the tool that made the most impact. Is it a layman's tool or do you also need the custom scripts (after hours of digesting those other diagnostic logs) that makes the tool a specialty? I use MSE realt ime, and a weekly MBAM routine but evidently somethings are getting by them so I was really just curious on how to prevent this from happening again, if possible.

******** ComboFix results ****
ComboFix 12-07-27.01 - Tom 07/26/2012 7:00.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2003.1064 [GMT -4:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
Command switches used :: c:\users\Tom\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Sun\Java\bin\javaw.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SpeedyPC Software
c:\windows\Sun\Java\bin\javaw.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 11:08 . 2012-07-26 11:08--------d-----w-c:\users\Public\AppData\Local\temp
2012-07-26 11:08 . 2012-07-26 11:08--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
2012-07-26 11:08 . 2012-07-26 11:08--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-26 11:08 . 2012-07-26 11:08--------d-----w-c:\users\Classic .NET AppPool\AppData\Local\temp
2012-07-25 21:43 . 2012-07-25 21:43--------d-----w-c:\windows\Downloaded Program Files
2012-07-25 19:40 . 2012-07-26 11:1069000----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67510547-6CC6-4EEE-AE69-2F02B99F7286}\offreg.dll
2012-07-25 12:51 . 2012-06-29 10:049133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67510547-6CC6-4EEE-AE69-2F02B99F7286}\mpengine.dll
2012-07-25 12:02 . 2012-06-29 10:049133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 19:27 . 2012-07-23 19:27--------d-----w-c:\programdata\boost_interprocess
2012-07-18 12:13 . 2012-07-18 12:13--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-18 01:46 . 2012-07-26 11:10--------d-----w-c:\users\Tom\AppData\Local\Temp
2012-07-18 01:10 . 2012-07-18 01:48--------d-----w-c:\users\Tom\AppData\Local\LogMeIn Rescue Applet
2012-07-16 14:28 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-07-16 13:37 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll
2012-07-16 13:37 . 2012-04-28 03:55210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-07-16 13:35 . 2012-04-20 05:42451072----a-w-c:\program files\Internet Explorer\ieproxy.dll
2012-07-16 13:34 . 2012-06-02 04:40225280----a-w-c:\windows\SysWow64\schannel.dll
2012-07-16 13:34 . 2012-06-02 05:4895600----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-16 13:34 . 2012-06-02 04:4022016----a-w-c:\windows\SysWow64\secur32.dll
2012-07-16 13:34 . 2012-06-02 04:3496768----a-w-c:\windows\SysWow64\sspicli.dll
2012-07-16 13:32 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
2012-07-16 13:32 . 2012-04-26 05:41149504----a-w-c:\windows\system32\rdpcorekmts.dll
2012-07-16 13:32 . 2012-04-26 05:349216----a-w-c:\windows\system32\rdrmemptylst.exe
2012-07-16 13:32 . 2012-04-24 05:371462272----a-w-c:\windows\system32\crypt32.dll
2012-07-16 13:32 . 2012-04-24 04:361158656----a-w-c:\windows\SysWow64\crypt32.dll
2012-07-16 13:32 . 2012-04-24 05:37184320----a-w-c:\windows\system32\cryptsvc.dll
2012-07-16 13:32 . 2012-04-24 05:37140288----a-w-c:\windows\system32\cryptnet.dll
2012-07-16 13:32 . 2012-04-24 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-07-16 13:32 . 2012-04-24 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-07-16 11:14 . 2012-07-16 11:14--------d-----w-c:\program files (x86)\Oracle
2012-07-12 12:26 . 2012-07-12 12:269226440----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-04 19:06 . 2012-07-23 19:30--------d--h--w-c:\windows\SysWow64\{71.74.95.131}
2012-07-04 16:56 . 2012-05-03 12:38927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ACA8E6C-DD25-4663-BBFF-C5297E44762B}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:27 . 2012-05-05 11:2570344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:27 . 2012-05-05 11:25426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06 . 2012-05-09 10:38772544----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-07-20 14:11687544----a-w-c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2010-12-12 13:3024904----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-03 07:19 . 2010-09-22 23:1659701280----a-w-c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 10:1138424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:122428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 10:1257880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:1244056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:11701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 10:122622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 10:1199840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 10:11186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 10:1136864----a-w-c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-09-22 22:48279656------w-c:\windows\system32\MpSigStub.exe
2012-05-07 09:33 . 2012-05-07 09:3369000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D5AB106-6E8F-4C25-9CF6-CF69C4B17EB7}\offreg.dll
2012-05-05 11:45 . 2012-05-05 11:45839112----a-w-c:\windows\system32\deployJava1.dll
2012-05-05 11:45 . 2012-05-05 11:45955848----a-w-c:\windows\system32\npDeployJava1.dll
2012-05-03 12:38 . 2012-06-13 17:35927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_12.39.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-24 19:44 . 2012-07-26 11:0910114 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-07-26 11:1240166 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-22 22:56 . 2012-07-26 11:1216846 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1582047655-2410839964-2795636096-1001_UserData.bin
+ 2010-11-24 19:44 . 2012-07-26 11:0910114 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-07-26 11:1240166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-22 22:56 . 2012-07-26 11:1216846 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1582047655-2410839964-2795636096-1001_UserData.bin
- 2010-09-22 22:55 . 2012-07-25 12:0216384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 22:55 . 2012-07-26 11:0516384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-22 22:55 . 2012-07-25 12:0216384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-22 22:55 . 2012-07-26 11:0516384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-25 12:38 . 2012-07-25 12:382048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 11:10 . 2012-07-26 11:102048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 11:10 . 2012-07-26 11:102048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 12:38 . 2012-07-25 12:382048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 00:17 . 2012-07-26 10:49384848 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-25 21:25788232 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05788232 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 21:25166464 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05166464 c:\windows\system64\perfc009.dat
+ 2010-09-24 00:17 . 2012-07-26 10:49384848 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-25 12:05788232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 21:25788232 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05166464 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-25 21:25166464 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-26 11:09396676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-25 12:37396676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03155416----a-w-c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2008-07-11 58664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 834544]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-11-30 321424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;c:\program files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-05-17 9769800]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcsREG_MULTI_SZ w3svc was
apphostREG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:27]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 22:07]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 22:07]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582047655-2410839964-2795636096-1001Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:27]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582047655-2410839964-2795636096-1001UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:27]
.
2012-07-25 c:\windows\Tasks\Web Studio 5.0 Updates.job
- c:\windows\Installer\Web Studio 5.0 Updates for All Users.lnk [2011-03-07 00:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03188696----a-w-c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup1_Complete]
@="{78061A12-1E91-4446-8B65-8ED2FF328D4A}"
[HKEY_CLASSES_ROOT\CLSID\{78061A12-1E91-4446-8B65-8ED2FF328D4A}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup2_InProgress]
@="{700AD13D-E86F-41C9-9A8F-39B4C438806F}"
[HKEY_CLASSES_ROOT\CLSID\{700AD13D-E86F-41C9-9A8F-39B4C438806F}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup3_Conflicted]
@="{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}"
[HKEY_CLASSES_ROOT\CLSID\{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 375808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-07-26 07:20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 11:20
ComboFix2.txt 2012-07-25 19:54
ComboFix3.txt 2012-07-25 12:50
.
Pre-Run: 96,220,569,600 bytes free
Post-Run: 95,971,823,616 bytes free
.
- - End Of File - - CE7BF816EB40D3A5EEB175B1CD0053B4
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Folder::
    c:\progra~2\BEARSH~1

    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"=-
    .
    [-HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]

    Reboot::
    Click to expand...
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
From the last time I had viral activity, it seemed like ComboFix was the tool that made the most impact. Is it a layman's tool or do you also need the custom scripts (after hours of digesting those other diagnostic logs) that makes the tool a specialty? I use MSE realt ime, and a weekly MBAM routine but evidently somethings are getting by them so I was really just curious on how to prevent this from happening again, if possible.
Click to expand...
The custom scripts are the hours of work we put in while training. ComboFix is actually quite dangerous, even though it's easy to run. If it deletes the wrong thing, or puts the computer in jeopardy, trained personnel like myself know how to get the computer back to running fashion again.

I will go over prevention tips later once clean.

For what it's worth, probably best to buy some good protection (Much more promising to help prevent malware). I can point you to that, if you like.
 
I had been led to believe that MSE was the best out there, but knowing it is free may cause me to invest in something better. Since you guys know, I defer to your judgement. Results below...

***** COMBOFIX *****
ComboFix 12-07-27.02 - Tom 07/26/2012 13:06:51.6.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2003.1151 [GMT -4:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
Command switches used :: c:\users\Tom\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~2\BEARSH~1"
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 17:28 . 2012-06-29 10:049133488----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A84CBE86-C13B-4318-A099-B5A527D29638}\mpengine.dll
2012-07-26 17:15 . 2012-07-26 17:15--------d-----w-c:\users\Public\AppData\Local\temp
2012-07-26 17:15 . 2012-07-26 17:15--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
2012-07-26 17:15 . 2012-07-26 17:15--------d-----w-c:\users\Default\AppData\Local\temp
2012-07-26 17:15 . 2012-07-26 17:15--------d-----w-c:\users\Classic .NET AppPool\AppData\Local\temp
2012-07-26 11:20 . 2012-06-29 10:049133488------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-25 21:43 . 2012-07-25 21:43--------d-----w-c:\windows\Downloaded Program Files
2012-07-23 19:27 . 2012-07-23 19:27--------d-----w-c:\programdata\boost_interprocess
2012-07-18 12:13 . 2012-07-18 12:13--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-18 01:46 . 2012-07-26 18:02--------d-----w-c:\users\Tom\AppData\Local\Temp
2012-07-18 01:10 . 2012-07-18 01:48--------d-----w-c:\users\Tom\AppData\Local\LogMeIn Rescue Applet
2012-07-16 14:28 . 2012-06-12 03:083148800----a-w-c:\windows\system32\win32k.sys
2012-07-16 13:37 . 2012-06-09 05:4314172672----a-w-c:\windows\system32\shell32.dll
2012-07-16 13:37 . 2012-04-28 03:55210944----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-07-16 13:35 . 2012-04-20 05:42451072----a-w-c:\program files\Internet Explorer\ieproxy.dll
2012-07-16 13:34 . 2012-06-02 04:40225280----a-w-c:\windows\SysWow64\schannel.dll
2012-07-16 13:34 . 2012-06-02 05:4895600----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-16 13:34 . 2012-06-02 04:4022016----a-w-c:\windows\SysWow64\secur32.dll
2012-07-16 13:34 . 2012-06-02 04:3496768----a-w-c:\windows\SysWow64\sspicli.dll
2012-07-16 13:32 . 2012-04-26 05:4177312----a-w-c:\windows\system32\rdpwsx.dll
2012-07-16 13:32 . 2012-04-26 05:41149504----a-w-c:\windows\system32\rdpcorekmts.dll
2012-07-16 13:32 . 2012-04-26 05:349216----a-w-c:\windows\system32\rdrmemptylst.exe
2012-07-16 13:32 . 2012-04-24 05:371462272----a-w-c:\windows\system32\crypt32.dll
2012-07-16 13:32 . 2012-04-24 04:361158656----a-w-c:\windows\SysWow64\crypt32.dll
2012-07-16 13:32 . 2012-04-24 05:37184320----a-w-c:\windows\system32\cryptsvc.dll
2012-07-16 13:32 . 2012-04-24 05:37140288----a-w-c:\windows\system32\cryptnet.dll
2012-07-16 13:32 . 2012-04-24 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-07-16 13:32 . 2012-04-24 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-07-16 11:14 . 2012-07-16 11:14--------d-----w-c:\program files (x86)\Oracle
2012-07-12 12:26 . 2012-07-12 12:269226440----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-04 19:06 . 2012-07-23 19:30--------d--h--w-c:\windows\SysWow64\{71.74.95.131}
2012-07-04 16:56 . 2012-05-03 12:38927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1ACA8E6C-DD25-4663-BBFF-C5297E44762B}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:27 . 2012-05-05 11:2570344----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:27 . 2012-05-05 11:25426184----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06 . 2012-05-09 10:38772544----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-07-20 14:11687544----a-w-c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2010-12-12 13:3024904----a-w-c:\windows\system32\drivers\mbam.sys
2012-07-03 07:19 . 2010-09-22 23:1659701280----a-w-c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 10:1138424----a-w-c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:122428952----a-w-c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 10:1257880----a-w-c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:1244056----a-w-c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:11701976----a-w-c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 10:122622464----a-w-c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 10:1199840----a-w-c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 10:11186752----a-w-c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 10:1136864----a-w-c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-09-22 22:48279656------w-c:\windows\system32\MpSigStub.exe
2012-05-07 09:33 . 2012-05-07 09:3369000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D5AB106-6E8F-4C25-9CF6-CF69C4B17EB7}\offreg.dll
2012-05-05 11:45 . 2012-05-05 11:45839112----a-w-c:\windows\system32\deployJava1.dll
2012-05-05 11:45 . 2012-05-05 11:45955848----a-w-c:\windows\system32\npDeployJava1.dll
2012-05-03 12:38 . 2012-06-13 17:35927800------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_12.39.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-24 19:44 . 2012-07-26 17:1610114 c:\windows\system64\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-07-26 11:1240166 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-22 22:56 . 2012-07-26 11:1216846 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1582047655-2410839964-2795636096-1001_UserData.bin
+ 2010-11-24 19:44 . 2012-07-26 17:1610114 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-07-26 11:1240166 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-22 22:56 . 2012-07-26 11:1216846 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1582047655-2410839964-2795636096-1001_UserData.bin
- 2010-09-22 22:55 . 2012-07-25 12:0216384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-22 22:55 . 2012-07-26 17:0516384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-22 22:55 . 2012-07-25 12:0216384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-22 22:55 . 2012-07-26 17:0516384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-25 12:38 . 2012-07-25 12:382048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 17:17 . 2012-07-26 17:172048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-26 17:17 . 2012-07-26 17:172048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 12:38 . 2012-07-25 12:382048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 00:17 . 2012-07-26 17:02385152 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-26 17:21788232 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05788232 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 17:21166464 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05166464 c:\windows\system64\perfc009.dat
+ 2010-09-24 00:17 . 2012-07-26 17:02385152 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-25 12:05788232 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 17:21788232 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-25 12:05166464 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-26 17:21166464 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-25 12:37396676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-26 17:16396676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 20:42 . 2012-07-18 20:427931392 c:\windows\Installer\1430547.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03155416----a-w-c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2008-07-11 58664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 834544]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2010-11-30 321424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;c:\program files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-05-17 9769800]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcsREG_MULTI_SZ w3svc was
apphostREG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:27]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 22:07]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 22:07]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582047655-2410839964-2795636096-1001Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:27]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1582047655-2410839964-2795636096-1001UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-24 20:27]
.
2012-07-25 c:\windows\Tasks\Web Studio 5.0 Updates.job
- c:\windows\Installer\Web Studio 5.0 Updates for All Users.lnk [2011-03-07 00:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03188696----a-w-c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup1_Complete]
@="{78061A12-1E91-4446-8B65-8ED2FF328D4A}"
[HKEY_CLASSES_ROOT\CLSID\{78061A12-1E91-4446-8B65-8ED2FF328D4A}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup2_InProgress]
@="{700AD13D-E86F-41C9-9A8F-39B4C438806F}"
[HKEY_CLASSES_ROOT\CLSID\{700AD13D-E86F-41C9-9A8F-39B4C438806F}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup3_Conflicted]
@="{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}"
[HKEY_CLASSES_ROOT\CLSID\{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}]
2011-05-17 20:151089024----a-w-c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 375808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Completion time: 2012-07-26 14:07:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 18:07
ComboFix2.txt 2012-07-26 11:20
ComboFix3.txt 2012-07-25 19:54
ComboFix4.txt 2012-07-25 12:50
.
Pre-Run: 96,042,897,408 bytes free
Post-Run: 96,568,528,896 bytes free
.
- - End Of File - - 7B558F35291424D1C2C7A81A41E41654
 
Please feel free to get a good review of antivirus software here: http://secureconnexion.wordpress.com/2012/06/14/antivirus-software-toplist-top-20-summer-2012/

We'll go with one more opinion scan, since a lot of this malware has been persistent...

Please run the F-Secure Online Scanner
  • Accept the License Agreement and check the box. Then click on Run Check.
  • fsecurescan.png
  • It will ask you to Run the Java plugin. Please confirm.
  • Once the download completes, the window for the scanner will launch.
  • Please confirm anymore prompts, and then select Full Scan.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
 
******Results of the F-Secure scan*********

[FONT=verdana][FONT=Arial]Scanning Report[/FONT][/FONT]

[FONT=verdana][FONT=Arial]Friday, July 27, 2012 06:41:36 - 08:16:03[/FONT][/FONT]

[FONT=verdana]Computer name: TOM-LAPTOP
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\[/FONT]
[FONT=verdana][/FONT]
[FONT=verdana][FONT=Arial]3 malware found[/FONT][/FONT]

[FONT=verdana]Trojan.Generic.KDV[/FONT][FONT=verdana] (spyware)[/FONT]
  • System (Disinfected)
[FONT=verdana]Trojan.Generic.KD.676710[/FONT][FONT=verdana] (virus)[/FONT]
  • C:\WINDOWS\SYSWOW64\{71.74.95.131}\4D8D0F6 (Renamed & Submitted)
[FONT=verdana]Trojan.Generic.KD.678191[/FONT][FONT=verdana] (virus)[/FONT]
  • C:\WINDOWS\SYSWOW64\{71.74.95.131}\4D8D0F9 (Renamed & Submitted)
[FONT=verdana][/FONT]
[FONT=verdana][FONT=Arial]Statistics[/FONT][/FONT]

[FONT=verdana]Scanned:[/FONT]
  • Files: 93349
  • System: 5575
  • Not scanned: 242
[FONT=verdana]Actions:[/FONT]
  • Disinfected: 1
  • Renamed: 2
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 2
[FONT=verdana]Files not scanned:[/FONT]
  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
  • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  • C:\USERS\TOM\APPDATA\LOCAL\TEMP\ETILQS_49UTWGLW5LCDUBJ
  • C:\USERS\TOM\APPDATA\LOCAL\TEMP\ETILQS_GBVCM1OKKTALKMY
  • C:\USERS\TOM\APPDATA\LOCAL\TEMP\ETILQS_QHCKP0YY4JTHFZR
  • C:\USERS\TOM\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.WORD\~WRS{47B62BE1-4084-4C90-AE34-16806B576DB3}.TMP
  • C:\USERS\TOM\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.WORD\~WRS{79FCA292-F0D7-4598-BE22-72E4A6C4A243}.TMP
  • C:\USERS\TOM\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.WORD\~WRS{A4EC430C-9A46-4645-BA78-1C27076344CA}.TMP
  • C:\USERS\TOM\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.WORD\~WRS{95E77C47-00C1-4A73-A64B-CAD8EBD2415A}.TMP
  • C:\USERS\TOM\APPDATA\LOCAL\MICROSOFT\OUTLOOK\ARCHIVE.PST
  • C:\USERS\TOM\APPDATA\LOCAL\MICROSOFT\OUTLOOK\OUTLOOK.PST
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT TABS
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\ORIGINS\LOCK
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\000\P\PATHS\LOCK
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3
  • C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX
  • C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{3A8BDDA0-D1D7-11E1-B13A-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{4C205364-D1DA-11E1-ADCF-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{613DBB08-D5F6-11E1-AB93-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{6C2639E3-D3F8-11E1-ABC5-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A46F049F-D0E6-11E1-AC1D-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A46F04AC-D0E6-11E1-AC1D-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{4C205360-D1DA-11E1-ADCF-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A46F047A-D0E6-11E1-AC1D-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A46F0488-D0E6-11E1-AC1D-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{ADDCB7A2-D745-11E1-A3D5-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{C02FFF98-D0EB-11E1-AE5E-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A46F04D7-D0E6-11E1-AC1D-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{D2DD84B3-D0CC-11E1-A421-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A46F04B8-D0E6-11E1-AC1D-A4BADBBCE60E}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPDIAG.BIN
  • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-1.BIN
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0324305BF1101668F975054086D4D115_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\05AF208C01A23BABD8BB7BD3BC0809AE_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03811015632EA8EF535B8FDAA8D04458_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\03A0B77A400927AE2E0B7EA6E76E90B3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0AC752CC9AA230B3D1EA236D49A2D124_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0916F67D5C9C9D2D2C19F9E6CC5FA4B8_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0B7F8529B7E05034AAA9890BBDB00CB2_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CD654F162FBCE936A4F839960383535_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0DDAE5EE6C2A6F3A0D55900E71853079_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0AB2C70CF82359DCD2122264C184C7CA_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0E1B874CBE1BD564F52A3AC02C5D7364_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1158307717C44258D0DDFC9280D063B2_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1417F0B66CA63FAB993F725B15341782_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\131CFE8897458CE36EEEF018B7A772D6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\188C08D69A765F127EBC157EAE5F1ECC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B6CA62A39E6CB75D9F4372E925A281C_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\14021AC97DA0881C320CB812FFD72E99_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1C514A2068A1448E3848A456CD24FC39_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D425261065338F22FC898FB942933C3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1CD3890066D0DE9C38D20ED9C00B80C6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\20ED00732184F4D9762AB799B502007E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1EF8CA227A3F590026B820548C06A8C3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25B1C3BE32680D6B6D5F7E44E2E3FEEF_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\26733DA1FA96A8C5CC62EF1D025966AC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\25EE0A93A90CB476C2092A60116F85D8_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2ADEB8D736D4477A94949B7458D89E62_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2B41961834BB2FB24B7C2F63DDB648D6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2B4C0B1557B00E74E3621F48BED896C8_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2BF42CE287541E9B70487035758F7966_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D0C36AF438A9DD6AAB46CC9EF702314_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A300CE14F13C52AE26935DAED75C4A6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D454F2E0E55F4C66DC678B05C5F0CB6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B8B1A59F8C7132406F44EA1F9CC7DE4_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D3EB213B39BCAE091E2567BD830DCFE_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F13FE74A38D41DC6C5C001C80683F66_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\311842EFE3FF2F534C25E03AB4B2155B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32F1F9A48B930FFE0393F01B1AD45784_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\345BB7129D655A7AA7848304867E4083_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\360DA444D7A9053FA2A622EDF032B840_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E32ED185C3628000EBD4165B1140833_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3886B6282BEA3F1BBE7AF83D40C95A43_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38C9907CBC0C423D76169AC45795CEF3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3B0750D1254A2C6551472900383A3379_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E4B91C207EAE8FC9955AD7A194946F3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D4FD8B41042E12D79163431C6EC032D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D9F02C9265FF029C8C05DCA5AF0C761_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42E233071FBB642238B2571EE2B318C1_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\46675AAFB102AD885F3DC412475909D5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\47A4DA9400EC16AF874DA6CB95B91614_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\440EBBA98E0352A53CB60967DC03A83F_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\487A717F6AAEB2F6DA699C07160CD36D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\48BC85F4BF1AD893A62FD336DC723A84_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\490722000663F2E6F238474DFEF16536_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\36DE2A2A6264B50870B4F2B19AB2E758_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4C581512E740907711E0F58F5D49DEDB_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4DD03A4EA3CF18B6DFCB24FF0D1D196D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4ECDDCF93AA4BAD86C18A1F289D72F25_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51C52B15A6DA001D93A880AB31A16DE5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54B926412BDBB87AF54D6E4EFFBB63F6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B93F60DFD12B897D68DCFA6179DF5A5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\554AA94A82E4C5BAD82799DE45ED3DE6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58EA978F934ACA5AB9B5B2B7320ABA34_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5912000905F2D8083A51ACAC39395216_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59EAA4F040ACF873DF25D64D3DD3C5B2_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B998AC247AEFD86E8641F294EEBB2E4_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43AC1ED78A70431F600F08574B5F3DE9_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5519DAA21C7ABF23AA622BD563004535_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C310EF90936C6BC42DC5E41AC6E7690_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E5675AF2ABE8748F8A8A992FD633D2C_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64C5B7212E48F08FC0CCA9FEB4714570_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\687D63A44512877F0B25EFD7A6DF8D4E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69972D4D2A7BDA66DE46456823F25C6B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6A4BAD7FDCF66450740AD002D406988E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B24D8E9161AE05EE17E4787FC838BF1_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55A0601FFC9D1225B6D7ECC047ED6640_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6BF302BFB106CB595110FD810BC0B1D1_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E948B432EE4D3972DD193B86DD5A199_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C9AF645A5F857CD6DCAAAE498DC9D47_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\714D1F25BF6CB03BF69F7BA7EBDB4F4E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\714FA7B92E57D5659C9DADDB44F9F00B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\712E301E1D715A3E6A01C4908BFD7025_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72EA57E393BA3A3CB8B938815D339424_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69A879D056BCD2D1048EFC6929D5EC06_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\731EFA16FC4A7E0A9D5B056EEB090134_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\717CA9BCF54DDA616E000761B28A549E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\73B7F751EAA32E895CE987B8B8744567_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7641F0F96C9AB37C0F3AD46909192696_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7830E33362A852FE46863005536DCCF7_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\791D5B1C8B16602AFF5A1EA9D206A5EC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A9A5A1667FA39314395A9B2E8DC016F_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7BBA880EE86762206002F23D9E68D584_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7B3190601EE6258D683B8E0581B34D47_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E3347EFE17AD0203CEEC690BFEBA74B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CAAC5BBB9208BC8A80C537933E47F32_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8078CD576DD9A136BAE82F1DE183EB1D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FA8540E5F40071AB3A376FA6FF91F2E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8466491B68660B47C0C87CC7B6F170FE_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\839A343ADFBDD3CFEE24C3A699E8E0BB_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8409158C977C188E1857567155236479_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\864CC0B9017A0B51CE4BBE9807A22F5D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8B116F2F1B4A3D91629086355AD42AC1_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D98B64E3FA00DBD1615A9EA62CA07DD_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9069EEE3DC25A4BAB2F86376D34432C2_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\90CAA942A72B6A753827E6AEE7186E2C_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9305B5F54F75568CAFAF49998CB74D41_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\959FEFBEBA3F770699D22AECC959A7E6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92DC0F4B32203C79F3B92C78F4F85029_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97EE3900C69FF0B806CFBB41B6B4E1F2_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D1C3C83C0D565164E9D245053D812D4_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E375760380CDCA7351EB49E07532325_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EAC4E9316F221D61ED0B3F90D603508_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9FE924F0127B9F3D2338F35D851204E6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\928207A8252A8A28EFF4F2F6BF04DD85_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97A9B719DFA48455237556CE73DFE731_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F2B3C82FD6503D7C716A1064672F03F_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F5E514F7AD52C0029AB35F55DE7FFDA_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A005092DDAEC354E2F4B6D150BA35EE6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A26EC2D52F0E141C929A8A481A3390AF_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A4D54B3B2A9EA965F32ECAD778160D76_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A51D12677AEA922956A7BA8CA0B49460_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5389C1055FCB46FB8E88E80A78E39F8_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A655489F95647EA475997A9D78FFB9ED_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8E3978010B169CE3CB808ED837B5C7F_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A887B5805534712252826A79EE195EF9_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A172347B4881DEAE82841004C489EF45_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB09EA8E4776C462DEFE519D24B75F34_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9AE105EBE2BA802CC452E1F529210DB_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA89B1436975B01F519FCD33D5B1BCF5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9294832A9CF5C2EBBCCEB9E65782D3D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF1D208AC947F915772A3781B359FA0B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE2C9F19D3BF278073F7A0DE56E7CEEB_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B040A8E2460D768F1257C8215F1A60DB_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6CDF0558CCFFE1DB1FF6771BA500F22_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFDFE49EB702E212331BD73545876C11_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8353587CA0B88850183D963F0BC0586_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0649623CDC650CD15492DCD29B87759_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B8E143F2B7FC5DE5CF2D890A386849B8_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA79ADDA9744C1BA40AED3C19D0CEBA5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BD7D91FBA5AE11575AC4C10B569AD353_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BDE545B4ED8C175B61E94EBEDCFEAF9B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE3FB367982FB7A11D1F84E59FD3D2EC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB3C0E1B1D4F0A68B08B17B11C5D60D6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA138A2BCB1F6DC3EFBC22DF22F2C584_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BCDD0637726D55B987B9F46CFE3264C0_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C034FE364C0EC0C85F43C40B91448095_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE9005547FF8DA3AF52F43B05E8E09D9_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C084085A18A8B089FA5236D50F734669_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0B0BE3552F71467377E2547378A0DA5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4844F625B774D38CB2A7EA8605D8D65_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C510A2229203FD4E9DD126923B313C1B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C65828673F3C81F8F99860F0241909EC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7A4A852B92CFB713F9D5FB568107CB9_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDA5D39153EC2E07563909C71D16D33A_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CBAB762D0B26F6464296EB8987DEA791_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF50AF0E21CFDBF938B4DA9816334F35_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFA6C977001454ACDFD90547C074557B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC4EEF448404C39B27A8CE8A6CE87FA1_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D40EE68EAF87F386FB30FF95B8DB31B1_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D9CC9A624D0218975C5EA81575D22CDC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D832B8AEC9C43AC11A589698328EC97B_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE5B92F4A27FCA2CAD525C0AD06C430A_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D81A890B3ED7CEC8A0AF347DA96D09DC_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFA2E460CC4B19C6BE9A0981279D0931_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E01FFB53B83B5CB3466783F9DA5FF206_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E09EF4985526BC8DEE743473C0499922_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3560D3F041FE02C82F18A1756DC89C5_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E45A7498AEB1D92F1BAF405A942EF1B6_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E720A77453FEDCD61D1B7017A941279C_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E858D1D2DB8E03E5D14A0B024E274608_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB5C9FD90DCE1E27BA11C3DB654814A3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC28CA12C4299B1895A9C2DF6880C969_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE7CAFDED995DDF817F792044FD11BBB_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F418873837F12F808F78941F3E1D7D06_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F498B0CF488500AB25F36DFB0CCFD993_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5807E540B8656D461791AE1C569ADF3_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA58570F3A6FF2AB3B3B9ADCE0065D9D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F620C3477DA2099CFB0DB6294902C297_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFBCF3E262E2977BC9F790C25A518968_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6FF4567EA31BC2D0796F1AA5F5DC274_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F725372487B79E52FE14D3305FB7AC25_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F952D6A043F10EA37B4FE11FC51547F8_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FA208B257178FB2808BA2803A2336632_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F597284878EF59F576E5A679F205645D_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F120EFC40DBD3A4083DBFF63F74923BA_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EFA64FFC6FAD5D18884DE7B5D169969F_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FBC5DCE0CE2EB0970CEF4FA22BF0C331_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB055B93451794F0BCFDD0E1015B78B2_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC90DCC3B2932EE0D467F7B5EEFBE533_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCC6AC49FD80C1FAAA2288D00AC6CB7E_035D9EDB-107C-4A34-A2A1-D7109479B2A9
  • C:\PROGRAMDATA\JUNGLEDISK\WG-CACHE\TEMP\ETILQS_DF24SZXMIHBEZ0P
  • C:\PROGRAMDATA\JUNGLEDISK\WG-CACHE\TEMP\ETILQS_G7FVTFKLNFYPL4C
[FONT=verdana][/FONT]
[FONT=verdana][FONT=Arial]Options[/FONT][/FONT]

[FONT=verdana]Scanning engines:[/FONT][FONT=verdana]Scanning options:[/FONT]
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
  • Use advanced heuristics
[FONT=verdana][/FONT]
Copyright © 1998-2009 Product support | Send virus sample to F-Secure

F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
 
DMJ,
Seems to be running great, no major issues noted at all. Your previous posts had talked about uninstalling and reinstalling MSE, and some general cleanup items. I assume since we are running well that those are the next steps?

Again, I can't really thank you and this forum enough !!!

Tom
 
Cool!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
    diskcleanup1.png
  • Select the More Options tab
    moreoptions.png
  • In the System Restore and Shadow Backups select Clean up
    moreoptions2.png
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Other than that. Topic marked solved. If any other issues arise, PM me.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back