« previous next »
Pages: [1] 2 3 ... 5   Go Down

Author Topic: Website links open in MS Word  (Read 4755 times)

0 Members and 1 Guest are viewing this topic.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Website links open in MS Word
« on: January 12, 2012, 01:49:19 PM »
A couple of weeks ago, when I would click on a website link, it started opening them in MS Word instead of either IE or MSN Explorer (my primary browser).  This is especially frustrating when I use my "Password Manager", which used to open the website in MSN Explorer and then insert my user name and password.  When it first started happening, it was opening  the website in IE.  However, I noticed that my Password Manager had Google Chrome icons next to each website.  Consequently, I uninstalled Google Chrome.  That solved the problem temporarily, and then it started opening links in Word.

About that same time, I started getting a message at boot up of my computer stating "Please check the missing file GB2312-unicode.dic!".  I don't know if there is any connection between the two.  I haven't found any solution for this doing a Google search.

I have run a couple of scans, one with Windows Defender and one with McAfee, but both scans came up clean.

Ken
Logged

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #1 on: January 12, 2012, 06:04:45 PM »
Attach Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/1/2010 5:36:44 PM
System Uptime: 1/12/2012 10:26:49 AM (4 hours ago)
.
Motherboard: MICRO-STAR INTERANTIONAL CO.,LTD |  | MS-7376
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 24.871 GiB free.
D: is FIXED (NTFS) - 338 GiB total, 303.23 GiB free.
F: is FIXED (NTFS) - 187 GiB total, 99.075 GiB free.
G: is FIXED (NTFS) - 279 GiB total, 205.27 GiB free.
H: is Removable
X: is CDROM ()
Y: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP170: 1/11/2012 10:20:18 AM - Installed JavaFX 2.0.2 SDK
RP171: 1/11/2012 10:21:53 AM - Installed JavaFX 2.0.2
RP172: 1/11/2012 10:28:12 AM - Installed Garmin Lifetime Updater
RP173: 1/11/2012 4:02:09 PM - Windows Update
RP174: 1/11/2012 9:08:50 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Aiseesoft Blu-ray Ripper
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 2010 Advanced
Ask Toolbar
Bing Bar
Bonjour
Brother HL-2170W
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
ClipGrab 3.1.0.1
Conduit Engine
Coupon Printer for Windows
D3DX10
DriveImage XML (Private Edition)
Dropbox
Fiesta Download Manager
FlashGet 3.7
Foxreal YouTube FLV Downloader Pro version: 1.0.2.0
Freecorder
Garmin City Navigator North America NT 2009
Garmin City Navigator North America NT 2012.30 Update
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin MapSource
Garmin USB Drivers
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
ImageConverter Plus 8.0
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 2
Java(TM) SE Development Kit 7 Update 2
JavaFX 2.0.2
JavaFX 2.0.2 SDK
Junk Mail filter update
jv16 PowerTools 2010
LargeSoftware Password Manager 1.0
McAfee SecurityCenter
mediAvatar PowerPoint to DVD Personal
mediAvatar YouTube Video Converter
MemberTies Professional 4.03
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Image Composite Editor
Microsoft Money 2000 Standard Edition
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
MobileMe Control Panel
Moyea YouTube FLV Downloader version: 3.1.2.26
Mozilla Firefox (3.6.13)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Web Search (Popular Screensavers)
MyAshampoo Toolbar
Network Magic
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Paragon System Backup 10.5 Special Edition
PCHand Screen Capture 1.8.0.2
PCHand Screen Recorder 1.8.5.4
Pdf995
PDFZilla V1.2.9
PrintMaster 16
Pure Networks Platform
PVSonyDll
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Easy Media Creator 8 Content
Roxio Easy Media Creator 8 Suite
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shockwave
Software Informer 1.0 BETA
StarWind Lite, v7.10.30 (Build 20071109, Win32)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
U3Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinClear v2.5
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.0
Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
Wondershare PPT2Video Pro 6.1.8
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 2:09:31 PM, Error: Service Control Manager [7023]  - The iPod Service service terminated with the following error:  %%-2147417831
1/12/2012 10:27:53 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  UimBus Uim_IM
.
==== End Of File ===========================


DDS Scan Log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.2.1
Run by Ken at 14:28:30 on 2012-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.955 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Paragon Software\System Backup 10.5 Special Edition\program\dbhagent.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\PCHand Screen Capture\ScreenCapture.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LargeSoftware Password Manager\lspass.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Paragon Software\System Backup 10.5 Special Edition\program\dbhservice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA2.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA2.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110702105202.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\ken\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\prxtbMyA2.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: MP3Bar: {f6bd6330-76f8-44d9-b775-87614e2d8374} - c:\program files\fiesta download manager\mp3bar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [fsm]
uRun: [PCHand Screen Capture] c:\program files\pchand screen capture\ScreenCapture.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [PasswordManager] c:\program files\largesoftware password manager\lspass.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DBHAgent] c:\program files\paragon software\system backup 10.5 special edition\program\dbhagent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ken\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &MP3Bar - c:\program files\fiesta download manager\mp3bar.dll/MENUSEARCH.HTM
IE: Download all by FlashGet3 - c:\users\ken\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\ken\appdata\roaming\flashgetbho\GetUrl.htm
IE: Download with mediAvatar YouTube Video Converter - c:\program files\mediavatar\youtube video converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: msn.com\my
Trusted Zone: myvirtualmerchant.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B008CBD-EC3F-4270-989E-3648B556113B} : DhcpNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\ueq4lf82.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm4793FUS&ptb=rISZOONDaBjOOGOAGSihhg&ind=2010080510&ptnrS=ZRxdm4793FUS&si=21786&n=77cf64fe&psa=&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\largesoftware password manager\lsautofill\components\SPAutofill.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\ken\appdata\roaming\mozilla\firefox\profiles\ueq4lf82.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: My Web Search: m3ffxtbr@mywebsearch.com - c:\program files\mywebsearch\bar\1.bin
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Password Manager Autofill Engine: {54affe52-8223-453b-be1e-2fe2e250045c} - c:\program files\largesoftware password manager\lsautofill
.
============= SERVICES / DRIVERS ===============
.
R0 FTT3s;FTT3s;c:\windows\system32\drivers\FTT3s.sys [2009-8-21 184912]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-9-29 58568]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-12 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-12 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-12 165032]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-12 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-12 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-12 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-12 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-12 141792]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-8-5 28762]
R2 StarWindServiceLite;StarWind Service Lite;c:\program files\rocket division software\starwind lite\StarWindServicelite.exe [2010-7-5 297984]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-12 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-12 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-12 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-12 314088]
R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\paragon software\system backup 10.5 special edition\program\dbhservice.exe [2011-10-6 160048]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-22 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-22 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-12 84488]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-1 1343400]
.
=============== Created Last 30 ================
.
2012-01-12 15:30:08   --------   d-----w-   c:\users\ken\appdata\local\{40886ED5-FDFD-4B87-8647-B2A27FCB6703}
2012-01-12 15:29:52   --------   d-----w-   c:\users\ken\appdata\local\{196879D8-3FBF-4A8E-9312-3B24B9122F43}
2012-01-12 01:19:33   --------   d-----w-   c:\users\ken\appdata\local\{F9E75613-76EC-4FE4-AEF3-ED941E2BE593}
2012-01-12 01:19:20   --------   d-----w-   c:\users\ken\appdata\local\{1A56F0D9-4B53-4F8D-8ACE-589D1B3DD847}
2012-01-11 21:02:34   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{b1e4d521-9857-4a88-906d-e6ca72368fd6}\offreg.dll
2012-01-11 21:02:32   6823496   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{b1e4d521-9857-4a88-906d-e6ca72368fd6}\mpengine.dll
2012-01-11 16:09:38   1288472   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 16:09:36   67072   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 16:09:33   514560   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 16:09:33   1328128   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 15:20:36   --------   d-----w-   c:\program files\Oracle
2012-01-11 15:18:48   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-01-11 13:31:59   --------   d-----w-   c:\users\ken\appdata\roaming\FixCleaner
2012-01-11 13:31:53   --------   d-----w-   c:\program files\FixCleaner
2012-01-11 13:18:47   --------   d-----w-   c:\users\ken\appdata\local\{DBF7C065-A5EE-419A-8A2C-29563F661D10}
2012-01-11 13:18:31   --------   d-----w-   c:\users\ken\appdata\local\{458494D5-F8BD-4C7A-BA14-B2F513A37E1D}
2012-01-10 23:00:50   --------   d-----w-   c:\program files\CCleaner
2012-01-10 15:19:05   --------   d-----w-   c:\users\ken\appdata\local\{3FF432B2-2A5E-45CE-A59F-6B87BAEE19E0}
2012-01-10 15:18:46   --------   d-----w-   c:\users\ken\appdata\local\{820B2FF8-6A84-43EC-B028-A6D31E6B9ACC}
2012-01-10 00:21:43   --------   d-----w-   c:\users\ken\appdata\local\{AE284FD6-2A5A-401A-8752-C133B52E46AE}
2012-01-10 00:21:29   --------   d-----w-   c:\users\ken\appdata\local\{B6CB4B9A-ED02-4099-BD4A-37D6BD4CE7A9}
2012-01-09 12:21:08   --------   d-----w-   c:\users\ken\appdata\local\{400E01CB-2270-4D97-94CF-A49DF1E522B9}
2012-01-09 12:20:47   --------   d-----w-   c:\users\ken\appdata\local\{66F886CD-C287-494F-A3AF-E87C2F97CDBA}
2012-01-07 19:10:35   --------   d-----w-   c:\users\ken\appdata\local\{EE1DB9CD-DAA8-4B4F-B4AB-C204B550EE21}
2012-01-07 19:10:19   --------   d-----w-   c:\users\ken\appdata\local\{95364676-9212-4B98-AB87-02089EFD6285}
2012-01-06 14:54:59   --------   d-----w-   c:\users\ken\appdata\local\{3C783FC7-3FEF-4989-81EA-F8D2E86E26E6}
2012-01-06 14:54:46   --------   d-----w-   c:\users\ken\appdata\local\{40C310B4-475A-4FB6-8D3D-CFB1B6EC58B1}
2012-01-06 02:54:16   --------   d-----w-   c:\users\ken\appdata\local\{4161222F-1823-4518-A833-102A3AAD0478}
2012-01-06 02:54:03   --------   d-----w-   c:\users\ken\appdata\local\{9F309579-26BD-4CCF-9FD4-AC2489249510}
2012-01-05 14:53:38   --------   d-----w-   c:\users\ken\appdata\local\{BBB28780-1B13-46A1-BB68-4B8FBC8A42D4}
2012-01-05 14:53:19   --------   d-----w-   c:\users\ken\appdata\local\{6F3C4C99-1769-4C16-AAEF-BFFD36F5FB6F}
2012-01-04 16:34:10   --------   d-----w-   c:\users\ken\appdata\local\{9A616A2E-D83D-437C-8A3A-DF2D91E1F40B}
2012-01-04 16:33:55   --------   d-----w-   c:\users\ken\appdata\local\{567C8FF9-39D6-45DE-84CE-D7C20D27281D}
2012-01-04 15:55:38   --------   d-----w-   c:\users\ken\appdata\local\{28164AC6-4179-4717-A6C8-48570ABE5F2A}
2012-01-04 15:55:24   --------   d-----w-   c:\users\ken\appdata\local\{71047F4C-7459-4318-BE76-1224E7D6E00D}
2012-01-03 20:53:22   --------   d-----w-   c:\users\ken\appdata\roaming\BUFFALO
2012-01-03 20:43:21   --------   d-----w-   c:\program files\BUFFALO
2012-01-03 17:03:44   --------   d-----w-   c:\users\ken\appdata\local\{75E465C9-FE8F-479F-B202-5E8173B2D063}
2012-01-03 17:03:31   --------   d-----w-   c:\users\ken\appdata\local\{93D5864E-EE32-431A-825E-00C0FC54ADF7}
2012-01-03 13:10:44   182672   ----a-w-   c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44   182672   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-03 05:03:17   --------   d-----w-   c:\users\ken\appdata\local\{E03853F6-410F-44E0-B7FD-D75E736B0035}
2012-01-03 05:03:04   --------   d-----w-   c:\users\ken\appdata\local\{538A73FF-3DAB-4802-8BBB-87A3B47D1E29}
2012-01-02 17:02:29   --------   d-----w-   c:\users\ken\appdata\local\{1D3D8FF5-ADAC-4E2C-90EA-C9E49D7D7064}
2012-01-02 17:02:13   --------   d-----w-   c:\users\ken\appdata\local\{F77F14FD-D8D6-4C42-8514-E418E125048C}
2012-01-02 15:06:36   --------   d-----w-   c:\users\ken\appdata\local\{212460E1-5916-4328-AEC8-4D02DC69F873}
2012-01-02 15:06:03   --------   d-----w-   c:\users\ken\appdata\local\{2E4E70E6-5C3F-4528-858B-3015456A6ABE}
2012-01-01 20:01:12   --------   d-----w-   c:\users\ken\appdata\local\{3AEF0461-875D-4481-A135-A27A0A2FEE79}
2012-01-01 20:00:58   --------   d-----w-   c:\users\ken\appdata\local\{F5A04F3C-D957-4127-9D1C-771F942F4D67}
2011-12-31 15:48:49   --------   d-----w-   c:\users\ken\appdata\local\{34BF400F-2F8B-4D93-A2D6-4A860D831EA7}
2011-12-31 15:48:13   --------   d-----w-   c:\users\ken\appdata\local\{B092E3A4-210F-4ACF-AFEE-36848D70230A}
2011-12-31 02:10:33   --------   d-----w-   c:\users\ken\appdata\local\{1E2E141F-CAAD-4B50-9702-9EDE101E2B32}
2011-12-31 02:10:20   --------   d-----w-   c:\users\ken\appdata\local\{4801CE5F-B415-48AE-B240-0B017FD11020}
2011-12-30 14:10:00   --------   d-----w-   c:\users\ken\appdata\local\{EC6CC763-EB5E-4A06-A99B-90AB7CFE8A96}
2011-12-30 14:09:16   --------   d-----w-   c:\users\ken\appdata\local\{72C87C87-C701-4AC9-AE4D-34E070BF5098}
2011-12-29 15:10:35   --------   d-----w-   c:\users\ken\appdata\local\{CB307791-7055-4B28-90FB-200BD8B2C1BB}
2011-12-29 15:10:09   --------   d-----w-   c:\users\ken\appdata\local\{ABAC685A-B038-4EA8-B6AD-0C125DBC0B74}
2011-12-28 20:07:38   --------   d-----w-   c:\users\ken\appdata\local\{026BE230-E087-4829-8252-8A169AB297BA}
2011-12-28 20:07:15   --------   d-----w-   c:\users\ken\appdata\local\{D2916132-8072-4DB8-93DD-DB38EDB2949F}
2011-12-27 16:31:52   --------   d-----w-   c:\program files\Garmin GPS Plugin
2011-12-27 15:50:53   --------   d-----w-   c:\users\ken\appdata\local\{8D9363E4-78FD-4890-8852-444FA144B45C}
2011-12-27 15:50:30   --------   d-----w-   c:\users\ken\appdata\local\{62B339F5-1351-4477-9277-5E361C92F156}
2011-12-26 13:55:52   --------   d-----w-   c:\users\ken\appdata\local\{ACE17C44-AB56-47FF-95D2-36C9B8C31962}
2011-12-26 13:55:33   --------   d-----w-   c:\users\ken\appdata\local\{FEBBF2EA-C4D0-4F79-9D7F-07ACE8338F50}
2011-12-26 00:22:34   --------   d-----w-   c:\users\ken\appdata\local\{ABEA3346-AD7C-46D8-B89F-2319B0114479}
2011-12-26 00:21:46   --------   d-----w-   c:\users\ken\appdata\local\{51D945CD-DF2C-4380-8EFB-27B036CA3FCC}
2011-12-24 16:06:04   --------   d-----w-   c:\users\ken\appdata\local\{200296A5-1089-4619-8606-1018348D327E}
2011-12-24 16:05:47   --------   d-----w-   c:\users\ken\appdata\local\{4898F101-134A-4F28-847B-BC2D07F6AB02}
2011-12-23 15:51:03   --------   d-----w-   c:\users\ken\appdata\local\{A6ADF43E-B0D2-4BC5-9B9E-ABAC7824E093}
2011-12-23 15:50:51   --------   d-----w-   c:\users\ken\appdata\local\{5F666A49-FC24-4BBB-9126-0E5F3BEDCEE6}
2011-12-23 03:50:21   --------   d-----w-   c:\users\ken\appdata\local\{E3054565-07A3-4AB4-A612-1AFD12339B99}
2011-12-23 03:50:08   --------   d-----w-   c:\users\ken\appdata\local\{288C77AC-37CB-4189-B51B-60BD3B8ACD8D}
2011-12-22 15:49:29   --------   d-----w-   c:\users\ken\appdata\local\{49A92244-D7A7-4DF4-AE80-4D6BD7EF760C}
2011-12-22 15:49:08   --------   d-----w-   c:\users\ken\appdata\local\{A2F72546-C5E9-4512-BD76-E3C066FC838F}
2011-12-21 17:58:29   --------   d-----w-   C:\archdb
2011-12-21 16:27:14   --------   d-----w-   c:\programdata\Paragon
2011-12-21 15:10:38   --------   d-----w-   c:\users\ken\appdata\local\{53434E2E-A6F9-4B3E-BBE0-D2C7BFEDF737}
2011-12-21 15:10:24   --------   d-----w-   c:\users\ken\appdata\local\{00AEAA8A-81CD-45FB-94E5-85C24191B487}
2011-12-20 13:46:22   --------   d-----w-   c:\users\ken\appdata\local\{0D0FC7BB-03AA-450E-9D66-35EE7776A06C}
2011-12-20 13:46:09   --------   d-----w-   c:\users\ken\appdata\local\{52626446-5032-414F-AA60-A53DCF16CD45}
2011-12-20 01:45:37   --------   d-----w-   c:\users\ken\appdata\local\{F776EE43-670D-4A37-905C-D988B22FACF1}
2011-12-20 01:45:24   --------   d-----w-   c:\users\ken\appdata\local\{D58550AB-9384-4ACD-8935-BD865A25E745}
2011-12-19 13:44:58   --------   d-----w-   c:\users\ken\appdata\local\{F0A5396F-5A5B-410E-B7AA-568E30FC4E61}
2011-12-19 13:44:39   --------   d-----w-   c:\users\ken\appdata\local\{D8BB1851-8578-4CB8-A94B-F242B25B1001}
2011-12-18 16:19:41   --------   d-----w-   c:\users\ken\appdata\local\{8567E75A-2C9B-4FEA-89FE-A4CDC3FCAD3C}
2011-12-18 16:19:29   --------   d-----w-   c:\users\ken\appdata\local\{7B276CAA-4E4D-45BB-896D-AADD7CEAA147}
2011-12-18 04:19:14   --------   d-----w-   c:\users\ken\appdata\local\{7AB6696E-AAC8-413A-BC64-9FB205C62C04}
2011-12-18 04:19:01   --------   d-----w-   c:\users\ken\appdata\local\{81489A53-1DD6-4606-A9FE-108E79578CF7}
2011-12-17 16:18:34   --------   d-----w-   c:\users\ken\appdata\local\{C29E3570-DDB0-4A09-BFC4-9F82B0760B8E}
2011-12-17 16:18:15   --------   d-----w-   c:\users\ken\appdata\local\{1DB110DB-CE73-4366-810A-F6C822060EED}
2011-12-16 19:57:39   --------   d-----w-   c:\program files\iPod
2011-12-16 19:57:37   --------   d-----w-   c:\program files\iTunes
2011-12-16 14:48:01   --------   d-----w-   c:\users\ken\appdata\local\{0D703442-0119-4178-81A5-1005EDC9999C}
2011-12-16 14:47:48   --------   d-----w-   c:\users\ken\appdata\local\{8800FC76-0901-4D91-879C-65F4E9548200}
2011-12-16 02:47:17   --------   d-----w-   c:\users\ken\appdata\local\{17D5DBAC-C2F2-487C-9530-7CDFFC88D505}
2011-12-16 02:47:04   --------   d-----w-   c:\users\ken\appdata\local\{722F7B9E-C630-4C5E-812B-ABA17775DAE7}
2011-12-15 20:14:46   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-12-15 20:14:40   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-15 20:14:10   38912   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-15 20:14:08   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-15 20:14:05   3912560   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-15 20:14:04   3967856   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-12-15 14:46:49   --------   d-----w-   c:\users\ken\appdata\local\{F92D45FC-0219-4C19-96E8-585840315763}
2011-12-15 14:46:36   --------   d-----w-   c:\users\ken\appdata\local\{245FC452-A186-45A2-AD3D-670F288CCCEF}
2011-12-15 02:46:20   --------   d-----w-   c:\users\ken\appdata\local\{C35D6852-B780-4D75-A83D-CFBAD63E22C3}
2011-12-15 02:46:07   --------   d-----w-   c:\users\ken\appdata\local\{DB262C8E-E797-4444-A053-3E73497D3810}
2011-12-14 14:45:39   --------   d-----w-   c:\users\ken\appdata\local\{667551AC-5CE0-4BDF-A104-F366E94FB793}
2011-12-14 14:45:17   --------   d-----w-   c:\users\ken\appdata\local\{DE13C126-19BD-40CA-8C2A-DC543DB5CB0E}
2011-12-14 02:06:38   --------   d-----w-   c:\programdata\MSNDynFiles
.
==================== Find3M  ====================
.
2011-12-02 20:28:01   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-09 00:56:06   567184   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42   1798144   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   c:\windows\system32\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-24 18:29:02   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-01-01 20:38:18   47799280   ----a-w-   c:\program files\AVSVideoConverter.exe
2006-05-03 16:06:54   163328   --sha-r-   c:\windows\system32\flvDX.dll
2007-02-21 17:47:16   31232   --sha-r-   c:\windows\system32\msfDX.dll
2008-03-16 19:30:52   216064   --sha-r-   c:\windows\system32\nbDX.dll
2010-01-07 04:00:00   107520   --sha-r-   c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 14:29:54.09 ===============


Checkup Log

 Results of screen317's Security Check version 0.99.30 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 McAfee SecurityCenter     
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
 CCleaner     
 JavaFX 2.0.2   
 JavaFX 2.0.2 SDK   
 Java(TM) 6 Update 29 
 Java(TM) 7 Update 2 
 Java(TM) SE Development Kit 7 Update 2
 Adobe Reader X (10.1.2)
 Mozilla Firefox (3.6.13) Firefox out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent
``````````End of Log````````````
Logged

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #2 on: January 12, 2012, 06:12:46 PM »
Forgot to mention that "Ghost" suggested I try this forum.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 12797
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Website links open in MS Word
« Reply #3 on: January 12, 2012, 10:53:21 PM »
Hi, klhendrick.

You almost left out the most important information -- Ghost is a long-time friend.

First things first, I strongly advise you to uninstall FixCleaner.  Since I had never heard of it before, I attempted to research the product, hoping that it isn't a registry cleaner (I'll get to that in shortly).  My attempts to learn more about the program were blocked by my antivirus software, ESET Smart Security:

Quote
Access to the web page was blocked by ESET Smart Security. The web page is on the list of websites with potentially dangerous contents.

Even moving the mouse over the search results caused ESET to block the IP address. 

It is possible that FixCleaner or some other program changed your file associations (It appears that Buffalo was installed around the time frame the problem seems to have started).  Does FixCleaner create a registry backup?

So, now on to my "lecture" about registry cleaners. ;) 

Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows 7 and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.

Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or windows at a later time.

Windows 7 is much more efficient at managing the registry than previous Windows versions.  Removing any leftover keys from uninstalling programs will not make 1 millisecond's difference in performance.  If you run a registry cleaner and do not know precisely what you are doing, you will have problems down the road. There are no gains to be had from using a registry cleaner and the risk is great.

Forget all the "wisdom" you learned about XP. Windows 7 is not XP and does not manage the registry the same as XP.

From Microsoft at Increase PC speed: Optimize your computer, help your PC run faster:

Quote
Note: This article does not address or recommend tinkering with the registry files. Such activities can be detrimental to your computer and should only be attempted by properly trained professionals.

Also see Are registry cleaners necessary?

Should you at any time tinker with the registry, first create a backup.  See Back up the registry.

End "lecture" :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Now, about the two entries in the Trusted Zone:

Trusted Zone: msn.com\my
Trusted Zone: myvirtualmerchant.com\www

Personally, I would not allow any programs in the Trusted Zone.  After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more.  If you elect to remove the entries from the Trusted Zone, please do the following:
  • Launch Internet Explorer, click Internet Options on the Tools  menu, and then click the Security tab.
  • Click Trusted Sites, and then click Sites.
  • Click the site you want to delete, and then click Remove.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Questions:

1.  Are you an application developer?  If not, why do you need Java FX?

2.  Did you intentionally install all of those toolbars or did some come with third-party installs? 
  • Bing Bar
  • Ask Toolbar
  • My Web Search
  • MyAshampoo Toolbar
  • Conduit Engine
  • MP3Bar
  • Google Toolbar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with the answers to my questions above.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #4 on: January 13, 2012, 03:52:18 PM »
Corrine,

Thanks for helping me out.

Before answering your questions or including the Combofix log, I will tell you about the process of running Combofix and the results after running it.  Before running it, I disconnected  my Internet cable, closed all open windows and programs, including disabling McAfee.  However, I forgot Windows Defender because there was no open icon for it.  I then ran Combofix.  After it ran and rebooted my computer, I was UNABLE to open most programs, including MSN Explorer, IE or Firefox.  Therefore, I am doing this on my laptop.  I saved the log to a hard  drive and marked it to share so I could access it from my laptop.  Fortunately, I was able to open Windows Explorer on my desktop (the problem computer).  The message I got when trying to open MSN Explorer (other programs gave similar messages) was:  "c:\ProgramFiles\MSN\MSNCoreFiles\msn.exe"  "Illegal operation attempted on a registry key that has been marked for deletion."

Now to answer your questions:

Uninstall "FixCleaner":  FixCleaner was not listed in programs available to uninstall with Programs and Features in Control Panel.  I found it under Program Files on my "C" drive.  It had only six 1 KB files, 5 were HTML and one text file.  Should I delete that folder???  I have no idea where this came from.

Buffalo is a new external hard drive I just bought to backup my desktop.  However, because of the problems I was having, I did not do a backup.  However, I did install the backup software located on that hard drive.  Subsequent to that, I  did a system restore to  try and correct my problems.  The problems were occurring before installing the external hard drive.  After doing the system restore, I was not able to open the external hard drive software, so I returned it.

I HAVE MADE NOTE OF YOUR COMMENTS REGARDING REGISTRY CLEANERS AND WILL NOT MAKE ANY ATTEMPT TO  DO SO IN THE FUTURE.

I did not attempt to remove the two entries in my Trusted  Zone.  The first entry  "msn.com|my" is for my MSN Internet Service.  The second is for a credit card processing company that I used to use as Treasurer of  an organization I belong  to.  I  will be using it again later this year when I fill in for the new Treasurer.  IS THERE ANY PROBLEM THAT WOULD  BE CREATED BY REMOVING THEM?

I installed Java FX as part of reinstalling Java.  I thought that might be the source of my problem.  No, I am NOT an application developer!  Should I uninstall the Java FX?

I DID NOT intentionally install any of the toolbars you listed.  Should I go ahead and uninstall  them?  I am still  able to open Control Panel.

I think that answers your questions.

Here is the Combofix Log:

ComboFix 12-01-13.03 - Ken 01/13/2012  11:03:25.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.1273 [GMT -5:00]
Running from: c:\users\Ken\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3UNPAT.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\sysid.ini
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sys5889.Data Repository.sys
c:\users\Ken\AppData\Roaming\PriceGong
c:\users\Ken\AppData\Roaming\PriceGong\Data\1.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\a.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\b.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\c.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\d.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\e.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\f.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\g.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\h.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\i.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\J.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\k.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\l.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\m.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\n.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\o.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\p.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\q.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\r.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\s.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\t.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\u.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\v.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\w.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\x.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\y.xml
c:\users\Ken\AppData\Roaming\PriceGong\Data\z.xml
c:\users\Ken\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\MailBee.dll
c:\windows\system32\msnphoto.scr
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-13 to 2012-01-13  )))))))))))))))))))))))))))))))
.
.
2012-01-13 16:16 . 2012-01-13 16:23   --------   d-----w-   c:\users\Ken\AppData\Local\temp
2012-01-13 16:16 . 2012-01-13 16:16   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-13 16:16 . 2012-01-13 16:16   --------   d-----w-   c:\users\TEST\AppData\Local\temp
2012-01-13 12:33 . 2012-01-13 12:33   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D7EB2B9-858B-469C-8208-02A5E5216663}\offreg.dll
2012-01-13 12:33 . 2011-11-30 07:21   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D7EB2B9-858B-469C-8208-02A5E5216663}\mpengine.dll
2012-01-12 19:52 . 2012-01-12 19:52   --------   d-----w-   c:\users\Ken\AppData\Local\jZip
2012-01-12 19:52 . 2012-01-12 19:52   --------   d-----w-   c:\programdata\boost_interprocess
2012-01-12 19:51 . 2012-01-12 19:52   --------   d-----w-   c:\program files\jZip
2012-01-11 16:09 . 2011-11-17 05:38   1288472   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 16:09 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 16:09 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 16:09 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 15:20 . 2012-01-11 15:22   --------   d-----w-   c:\program files\Oracle
2012-01-11 15:20 . 2012-01-11 15:20   --------   d-----w-   c:\program files\Common Files\Java
2012-01-11 15:18 . 2011-11-09 00:56   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-01-11 13:31 . 2012-01-11 13:47   --------   d-----w-   c:\users\Ken\AppData\Roaming\FixCleaner
2012-01-11 13:31 . 2012-01-11 13:56   --------   d-----w-   c:\program files\FixCleaner
2012-01-10 23:00 . 2012-01-10 23:00   --------   d-----w-   c:\program files\CCleaner
2012-01-03 20:53 . 2012-01-03 20:53   --------   d-----w-   c:\users\Ken\AppData\Roaming\BUFFALO
2012-01-03 20:43 . 2012-01-04 16:29   --------   d-----w-   c:\program files\BUFFALO
2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files\Internet Explorer\plugins\nppdf32.dll
2011-12-27 16:31 . 2011-12-27 16:31   --------   d-----w-   c:\program files\Garmin GPS Plugin
2011-12-21 17:58 . 2011-12-21 18:12   --------   d-----w-   C:\archdb
2011-12-21 16:27 . 2011-12-21 16:27   --------   d-----w-   c:\programdata\Paragon
2011-12-16 19:57 . 2011-12-16 19:57   --------   d-----w-   c:\program files\iPod
2011-12-16 19:57 . 2011-12-16 19:58   --------   d-----w-   c:\program files\iTunes
2011-12-15 20:14 . 2011-11-24 04:25   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-12-15 20:14 . 2011-11-05 04:26   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-15 20:14 . 2011-10-26 04:28   38912   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-15 20:14 . 2011-10-15 05:38   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-15 20:14 . 2011-10-26 04:47   3912560   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-15 20:14 . 2011-10-26 04:47   3967856   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 20:28 . 2011-06-23 00:35   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 19:29 . 2010-07-01 22:16   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-09 00:56 . 2011-08-22 12:38   567184   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-24 18:29 . 2011-10-24 18:29   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-01-01 20:38 . 2010-01-01 20:37   47799280   ----a-w-   c:\program files\AVSVideoConverter.exe
2011-04-14 18:01 . 2011-01-24 19:32   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
2006-05-03 16:06   163328   --sha-r-   c:\windows\System32\flvDX.dll
2007-02-21 17:47   31232   --sha-r-   c:\windows\System32\msfDX.dll
2008-03-16 19:30   216064   --sha-r-   c:\windows\System32\nbDX.dll
2010-01-07 04:00   107520   --sha-r-   c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17   1487240   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{F6BD6330-76F8-44d9-B775-87614E2D8374}"= "c:\program files\Fiesta Download Manager\mp3bar.dll" [2010-10-27 221696]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{d
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 12797
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Website links open in MS Word
« Reply #5 on: January 13, 2012, 04:47:20 PM »
Hi, klhendrick.

Yes, uninstall any of the toolbars that you do not wish to keep.  ComboFix took care of a couple of them.  In addition, you can remove the following Java programs (keeping Java 7 Update 2):

Java(TM) 6 Update 29
Java(TM) SE Development Kit 7 Update 2
JavaFX 2.0.2
JavaFX 2.0.2 SDK

Due to the length of the log, the end got cut off by the forum software.  Please go to C:\Qoobox\ComboFix.txt and scroll down to the "Reg Loading Points" section.  Copy/paste from there to the end.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

Thank you!
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #6 on: January 13, 2012, 06:07:48 PM »
Here's the rest of the log:

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54   175912   ----a-w-   c:\program files\MyAshampoo\prxtbMyA2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17   1487240   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{F6BD6330-76F8-44d9-B775-87614E2D8374}"= "c:\program files\Fiesta Download Manager\mp3bar.dll" [2010-10-27 221696]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{f6bd6330-76f8-44d9-b775-87614e2d8374}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar.1]
[HKEY_CLASSES_ROOT\TypeLib\{09082C8C-70CA-4077-AFBB-C2F85AFC7438}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA2.dll" [2011-01-17 175912]
"{F6BD6330-76F8-44D9-B775-87614E2D8374}"= "c:\program files\Fiesta Download Manager\mp3bar.dll" [2010-10-27 221696]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{f6bd6330-76f8-44d9-b775-87614e2d8374}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar.1]
[HKEY_CLASSES_ROOT\TypeLib\{09082C8C-70CA-4077-AFBB-C2F85AFC7438}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-04 122940]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"PCHand Screen Capture"="c:\program files\PCHand Screen Capture\ScreenCapture.exe" [2010-12-23 4009472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-23 39408]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-12-16 2840112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"PasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-09-18 1566720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2004-09-07 679936]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-12 296056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DBHAgent"="c:\program files\Paragon Software\System Backup 10.5 Special Edition\program\dbhagent.exe" [2011-10-06 78128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-02 1343400]
S0 FTT3s;FTT3s;c:\windows\system32\DRIVERS\FTT3s.sys [2009-08-21 184912]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-10-06 58568]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 StarWindServiceLite;StarWind Service Lite;c:\program files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe [2007-11-19 297984]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\Paragon Software\System Backup 10.5 Special Edition\program\dbhservice.exe [2011-10-06 160048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 00:36]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/102
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MP3Bar - c:\program files\Fiesta Download Manager\mp3bar.dll/MENUSEARCH.HTM
IE: Download all by FlashGet3 - c:\users\Ken\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Ken\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Download with mediAvatar YouTube Video Converter - c:\program files\mediAvatar\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: msn.com\my
Trusted Zone: myvirtualmerchant.com\www
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ueq4lf82.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: Password Manager Autofill Engine: {54affe52-8223-453b-be1e-2fe2e250045c} - c:\program files\LargeSoftware Password Manager\lsautofill
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Pdf995 - c:\program files\MemberTies\pdf995\setup.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1880)
c:\users\Ken\AppData\Local\FLVService\lib\FLVSrvLib.dll
c:\program files\LargeSoftware Password Manager\lscapbtn.dll
c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-13  11:31:06 - machine was rebooted
ComboFix-quarantined-files.txt  2012-01-13 16:31
.
Pre-Run: 31,144,382,464 bytes free
Post-Run: 35,718,557,696 bytes free
.
- - End Of File - - 6B4376E54BBB3BDB2796799ECB4BAB8C
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 12797
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Website links open in MS Word
« Reply #7 on: January 13, 2012, 10:42:50 PM »
Hi, klhendrick.

Regarding IE, please double-check that the cable was properly connected when you returned it.   You may also need to recycle the modem.  In fact, please do the following:

Let's flush your DNS cache and restore the HOSTS file:

Please copy/paste the lines in bold below to Notepad:

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

Note:  For Windows Vista or Windows 7, right-click flush.bat and select "Run as Administrator".


Regarding the sites in the Trusted Zone, as I said above, even well known sites can be the victim of an SQL injection, hidden scripts, and more.  Since Trusted Zone is more permissive, i.e., to allow file downloads, that is the reason trojan downloaders add its own download site to the Trusted Zone!


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please also provide a fresh DDS log and let me know which toolbars you removed so I'll know what leftovers to look for.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #8 on: January 14, 2012, 12:16:36 AM »
Corrine,

I think the toolbars I removed were:  Bing Bar, Ask Toolbar, MyAshampoo Toolbar and Google Toolbar.  The others weren't listed to be able to be removed.  I didn't make a specific note, so I am not sure, but my intent was to remove all that you listed.

Here are the two logs:

MBAM Log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ken :: MAIN [administrator]

1/13/2012 8:33:59 PM
mbam-log-2012-01-13 (20-33-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201592
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Detected: 9
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (Adware.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

(end)


Fresh DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.2.0
Run by Ken at 21:03:44 on 2012-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.913 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Paragon Software\System Backup 10.5 Special Edition\program\dbhagent.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\LargeSoftware Password Manager\lspass.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Paragon Software\System Backup 10.5 Special Edition\program\dbhservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/102
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110702105202.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\ken\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: MP3Bar: {f6bd6330-76f8-44d9-b775-87614e2d8374} - c:\program files\fiesta download manager\mp3bar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [Software Informer] "c:\program files\software informer\softinfo.exe" -autorun
uRun: [PCHand Screen Capture] c:\program files\pchand screen capture\ScreenCapture.exe
uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [PasswordManager] c:\program files\largesoftware password manager\lspass.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DBHAgent] c:\program files\paragon software\system backup 10.5 special edition\program\dbhagent.exe
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ken\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\ken\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster 16\pmremind.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &MP3Bar - c:\program files\fiesta download manager\mp3bar.dll/MENUSEARCH.HTM
IE: Download all by FlashGet3 - c:\users\ken\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\ken\appdata\roaming\flashgetbho\GetUrl.htm
IE: Download with mediAvatar YouTube Video Converter - c:\program files\mediavatar\youtube video converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B008CBD-EC3F-4270-989E-3648B556113B} : DhcpNameServer = 192.168.1.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\ueq4lf82.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\largesoftware password manager\lsautofill\components\SPAutofill.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\ken\appdata\roaming\mozilla\firefox\profiles\ueq4lf82.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FTT3s;FTT3s;c:\windows\system32\drivers\FTT3s.sys [2009-8-21 184912]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-9-29 58568]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-12 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-1-12 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-12 165032]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-12 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-12 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-1-12 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-12 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-12 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-12 141792]
R2 StarWindServiceLite;StarWind Service Lite;c:\program files\rocket division software\starwind lite\StarWindServicelite.exe [2010-7-5 297984]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-12 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-12 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-12 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-12 314088]
R3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\paragon software\system backup 10.5 special edition\program\dbhservice.exe [2011-10-6 160048]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-22 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-22 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-12 84488]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-1 1343400]
.
=============== Created Last 30 ================
.
2012-01-14 01:32:54   --------   d-----w-   c:\users\ken\appdata\roaming\Malwarebytes
2012-01-14 01:32:33   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-14 01:32:33   --------   d-----w-   c:\programdata\Malwarebytes
2012-01-14 01:32:32   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-01-14 01:08:13   --------   d-----w-   c:\users\ken\appdata\local\{4648E3C0-175C-4A36-87DA-23D72C15AED9}
2012-01-14 01:07:59   --------   d-----w-   c:\users\ken\appdata\local\{ACA7FA61-2E55-4C6F-AFD9-B0FCB953DC14}
2012-01-14 01:05:37   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{8d7eb2b9-858b-469c-8208-02a5e5216663}\offreg.dll
2012-01-13 16:22:47   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-01-13 16:16:16   --------   d-----w-   c:\users\ken\appdata\local\temp
2012-01-13 16:00:38   98816   ----a-w-   c:\windows\sed.exe
2012-01-13 16:00:38   518144   ----a-w-   c:\windows\SWREG.exe
2012-01-13 16:00:38   256000   ----a-w-   c:\windows\PEV.exe
2012-01-13 16:00:38   208896   ----a-w-   c:\windows\MBR.exe
2012-01-13 16:00:30   --------   d-----w-   C:\ComboFix
2012-01-13 12:33:09   6823496   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{8d7eb2b9-858b-469c-8208-02a5e5216663}\mpengine.dll
2012-01-13 11:32:25   --------   d-----w-   c:\users\ken\appdata\local\{68B2C0DC-635D-44ED-8449-CA0D9A8AB292}
2012-01-13 11:32:07   --------   d-----w-   c:\users\ken\appdata\local\{3B03F8E3-639E-424F-9343-1EC00B185ACD}
2012-01-12 19:52:23   --------   d-----w-   c:\users\ken\appdata\local\jZip
2012-01-12 19:52:01   --------   d-----w-   c:\programdata\boost_interprocess
2012-01-12 19:51:53   --------   d-----w-   c:\program files\jZip
2012-01-12 15:30:08   --------   d-----w-   c:\users\ken\appdata\local\{40886ED5-FDFD-4B87-8647-B2A27FCB6703}
2012-01-12 15:29:52   --------   d-----w-   c:\users\ken\appdata\local\{196879D8-3FBF-4A8E-9312-3B24B9122F43}
2012-01-12 01:19:33   --------   d-----w-   c:\users\ken\appdata\local\{F9E75613-76EC-4FE4-AEF3-ED941E2BE593}
2012-01-12 01:19:20   --------   d-----w-   c:\users\ken\appdata\local\{1A56F0D9-4B53-4F8D-8ACE-589D1B3DD847}
2012-01-11 16:09:38   1288472   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 16:09:36   67072   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 16:09:33   514560   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 16:09:33   1328128   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 15:18:48   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-01-11 13:31:59   --------   d-----w-   c:\users\ken\appdata\roaming\FixCleaner
2012-01-11 13:31:53   --------   d-----w-   c:\program files\FixCleaner
2012-01-11 13:18:47   --------   d-----w-   c:\users\ken\appdata\local\{DBF7C065-A5EE-419A-8A2C-29563F661D10}
2012-01-11 13:18:31   --------   d-----w-   c:\users\ken\appdata\local\{458494D5-F8BD-4C7A-BA14-B2F513A37E1D}
2012-01-10 23:00:50   --------   d-----w-   c:\program files\CCleaner
2012-01-10 15:19:05   --------   d-----w-   c:\users\ken\appdata\local\{3FF432B2-2A5E-45CE-A59F-6B87BAEE19E0}
2012-01-10 15:18:46   --------   d-----w-   c:\users\ken\appdata\local\{820B2FF8-6A84-43EC-B028-A6D31E6B9ACC}
2012-01-10 00:21:43   --------   d-----w-   c:\users\ken\appdata\local\{AE284FD6-2A5A-401A-8752-C133B52E46AE}
2012-01-10 00:21:29   --------   d-----w-   c:\users\ken\appdata\local\{B6CB4B9A-ED02-4099-BD4A-37D6BD4CE7A9}
2012-01-09 12:21:08   --------   d-----w-   c:\users\ken\appdata\local\{400E01CB-2270-4D97-94CF-A49DF1E522B9}
2012-01-09 12:20:47   --------   d-----w-   c:\users\ken\appdata\local\{66F886CD-C287-494F-A3AF-E87C2F97CDBA}
2012-01-07 19:10:35   --------   d-----w-   c:\users\ken\appdata\local\{EE1DB9CD-DAA8-4B4F-B4AB-C204B550EE21}
2012-01-07 19:10:19   --------   d-----w-   c:\users\ken\appdata\local\{95364676-9212-4B98-AB87-02089EFD6285}
2012-01-06 14:54:59   --------   d-----w-   c:\users\ken\appdata\local\{3C783FC7-3FEF-4989-81EA-F8D2E86E26E6}
2012-01-06 14:54:46   --------   d-----w-   c:\users\ken\appdata\local\{40C310B4-475A-4FB6-8D3D-CFB1B6EC58B1}
2012-01-06 02:54:16   --------   d-----w-   c:\users\ken\appdata\local\{4161222F-1823-4518-A833-102A3AAD0478}
2012-01-06 02:54:03   --------   d-----w-   c:\users\ken\appdata\local\{9F309579-26BD-4CCF-9FD4-AC2489249510}
2012-01-05 14:53:38   --------   d-----w-   c:\users\ken\appdata\local\{BBB28780-1B13-46A1-BB68-4B8FBC8A42D4}
2012-01-05 14:53:19   --------   d-----w-   c:\users\ken\appdata\local\{6F3C4C99-1769-4C16-AAEF-BFFD36F5FB6F}
2012-01-04 16:34:10   --------   d-----w-   c:\users\ken\appdata\local\{9A616A2E-D83D-437C-8A3A-DF2D91E1F40B}
2012-01-04 16:33:55   --------   d-----w-   c:\users\ken\appdata\local\{567C8FF9-39D6-45DE-84CE-D7C20D27281D}
2012-01-04 15:55:38   --------   d-----w-   c:\users\ken\appdata\local\{28164AC6-4179-4717-A6C8-48570ABE5F2A}
2012-01-04 15:55:24   --------   d-----w-   c:\users\ken\appdata\local\{71047F4C-7459-4318-BE76-1224E7D6E00D}
2012-01-03 20:53:22   --------   d-----w-   c:\users\ken\appdata\roaming\BUFFALO
2012-01-03 20:43:21   --------   d-----w-   c:\program files\BUFFALO
2012-01-03 17:03:44   --------   d-----w-   c:\users\ken\appdata\local\{75E465C9-FE8F-479F-B202-5E8173B2D063}
2012-01-03 17:03:31   --------   d-----w-   c:\users\ken\appdata\local\{93D5864E-EE32-431A-825E-00C0FC54ADF7}
2012-01-03 13:10:44   182672   ----a-w-   c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44   182672   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-03 05:03:17   --------   d-----w-   c:\users\ken\appdata\local\{E03853F6-410F-44E0-B7FD-D75E736B0035}
2012-01-03 05:03:04   --------   d-----w-   c:\users\ken\appdata\local\{538A73FF-3DAB-4802-8BBB-87A3B47D1E29}
2012-01-02 17:02:29   --------   d-----w-   c:\users\ken\appdata\local\{1D3D8FF5-ADAC-4E2C-90EA-C9E49D7D7064}
2012-01-02 17:02:13   --------   d-----w-   c:\users\ken\appdata\local\{F77F14FD-D8D6-4C42-8514-E418E125048C}
2012-01-02 15:06:36   --------   d-----w-   c:\users\ken\appdata\local\{212460E1-5916-4328-AEC8-4D02DC69F873}
2012-01-02 15:06:03   --------   d-----w-   c:\users\ken\appdata\local\{2E4E70E6-5C3F-4528-858B-3015456A6ABE}
2012-01-01 20:01:12   --------   d-----w-   c:\users\ken\appdata\local\{3AEF0461-875D-4481-A135-A27A0A2FEE79}
2012-01-01 20:00:58   --------   d-----w-   c:\users\ken\appdata\local\{F5A04F3C-D957-4127-9D1C-771F942F4D67}
2011-12-31 15:48:49   --------   d-----w-   c:\users\ken\appdata\local\{34BF400F-2F8B-4D93-A2D6-4A860D831EA7}
2011-12-31 15:48:13   --------   d-----w-   c:\users\ken\appdata\local\{B092E3A4-210F-4ACF-AFEE-36848D70230A}
2011-12-31 02:10:33   --------   d-----w-   c:\users\ken\appdata\local\{1E2E141F-CAAD-4B50-9702-9EDE101E2B32}
2011-12-31 02:10:20   --------   d-----w-   c:\users\ken\appdata\local\{4801CE5F-B415-48AE-B240-0B017FD11020}
2011-12-30 14:10:00   --------   d-----w-   c:\users\ken\appdata\local\{EC6CC763-EB5E-4A06-A99B-90AB7CFE8A96}
2011-12-30 14:09:16   --------   d-----w-   c:\users\ken\appdata\local\{72C87C87-C701-4AC9-AE4D-34E070BF5098}
2011-12-29 15:10:35   --------   d-----w-   c:\users\ken\appdata\local\{CB307791-7055-4B28-90FB-200BD8B2C1BB}
2011-12-29 15:10:09   --------   d-----w-   c:\users\ken\appdata\local\{ABAC685A-B038-4EA8-B6AD-0C125DBC0B74}
2011-12-28 20:07:38   --------   d-----w-   c:\users\ken\appdata\local\{026BE230-E087-4829-8252-8A169AB297BA}
2011-12-28 20:07:15   --------   d-----w-   c:\users\ken\appdata\local\{D2916132-8072-4DB8-93DD-DB38EDB2949F}
2011-12-27 16:31:52   --------   d-----w-   c:\program files\Garmin GPS Plugin
2011-12-27 15:50:53   --------   d-----w-   c:\users\ken\appdata\local\{8D9363E4-78FD-4890-8852-444FA144B45C}
2011-12-27 15:50:30   --------   d-----w-   c:\users\ken\appdata\local\{62B339F5-1351-4477-9277-5E361C92F156}
2011-12-26 13:55:52   --------   d-----w-   c:\users\ken\appdata\local\{ACE17C44-AB56-47FF-95D2-36C9B8C31962}
2011-12-26 13:55:33   --------   d-----w-   c:\users\ken\appdata\local\{FEBBF2EA-C4D0-4F79-9D7F-07ACE8338F50}
2011-12-26 00:22:34   --------   d-----w-   c:\users\ken\appdata\local\{ABEA3346-AD7C-46D8-B89F-2319B0114479}
2011-12-26 00:21:46   --------   d-----w-   c:\users\ken\appdata\local\{51D945CD-DF2C-4380-8EFB-27B036CA3FCC}
2011-12-24 16:06:04   --------   d-----w-   c:\users\ken\appdata\local\{200296A5-1089-4619-8606-1018348D327E}
2011-12-24 16:05:47   --------   d-----w-   c:\users\ken\appdata\local\{4898F101-134A-4F28-847B-BC2D07F6AB02}
2011-12-23 15:51:03   --------   d-----w-   c:\users\ken\appdata\local\{A6ADF43E-B0D2-4BC5-9B9E-ABAC7824E093}
2011-12-23 15:50:51   --------   d-----w-   c:\users\ken\appdata\local\{5F666A49-FC24-4BBB-9126-0E5F3BEDCEE6}
2011-12-23 03:50:21   --------   d-----w-   c:\users\ken\appdata\local\{E3054565-07A3-4AB4-A612-1AFD12339B99}
2011-12-23 03:50:08   --------   d-----w-   c:\users\ken\appdata\local\{288C77AC-37CB-4189-B51B-60BD3B8ACD8D}
2011-12-22 15:49:29   --------   d-----w-   c:\users\ken\appdata\local\{49A92244-D7A7-4DF4-AE80-4D6BD7EF760C}
2011-12-22 15:49:08   --------   d-----w-   c:\users\ken\appdata\local\{A2F72546-C5E9-4512-BD76-E3C066FC838F}
2011-12-21 17:58:29   --------   d-----w-   C:\archdb
2011-12-21 16:27:14   --------   d-----w-   c:\programdata\Paragon
2011-12-21 15:10:38   --------   d-----w-   c:\users\ken\appdata\local\{53434E2E-A6F9-4B3E-BBE0-D2C7BFEDF737}
2011-12-21 15:10:24   --------   d-----w-   c:\users\ken\appdata\local\{00AEAA8A-81CD-45FB-94E5-85C24191B487}
2011-12-20 13:46:22   --------   d-----w-   c:\users\ken\appdata\local\{0D0FC7BB-03AA-450E-9D66-35EE7776A06C}
2011-12-20 13:46:09   --------   d-----w-   c:\users\ken\appdata\local\{52626446-5032-414F-AA60-A53DCF16CD45}
2011-12-20 01:45:37   --------   d-----w-   c:\users\ken\appdata\local\{F776EE43-670D-4A37-905C-D988B22FACF1}
2011-12-20 01:45:24   --------   d-----w-   c:\users\ken\appdata\local\{D58550AB-9384-4ACD-8935-BD865A25E745}
2011-12-19 13:44:58   --------   d-----w-   c:\users\ken\appdata\local\{F0A5396F-5A5B-410E-B7AA-568E30FC4E61}
2011-12-19 13:44:39   --------   d-----w-   c:\users\ken\appdata\local\{D8BB1851-8578-4CB8-A94B-F242B25B1001}
2011-12-18 16:19:41   --------   d-----w-   c:\users\ken\appdata\local\{8567E75A-2C9B-4FEA-89FE-A4CDC3FCAD3C}
2011-12-18 16:19:29   --------   d-----w-   c:\users\ken\appdata\local\{7B276CAA-4E4D-45BB-896D-AADD7CEAA147}
2011-12-18 04:19:14   --------   d-----w-   c:\users\ken\appdata\local\{7AB6696E-AAC8-413A-BC64-9FB205C62C04}
2011-12-18 04:19:01   --------   d-----w-   c:\users\ken\appdata\local\{81489A53-1DD6-4606-A9FE-108E79578CF7}
2011-12-17 16:18:34   --------   d-----w-   c:\users\ken\appdata\local\{C29E3570-DDB0-4A09-BFC4-9F82B0760B8E}
2011-12-17 16:18:15   --------   d-----w-   c:\users\ken\appdata\local\{1DB110DB-CE73-4366-810A-F6C822060EED}
2011-12-16 19:57:39   --------   d-----w-   c:\program files\iPod
2011-12-16 19:57:37   --------   d-----w-   c:\program files\iTunes
2011-12-16 14:48:01   --------   d-----w-   c:\users\ken\appdata\local\{0D703442-0119-4178-81A5-1005EDC9999C}
2011-12-16 14:47:48   --------   d-----w-   c:\users\ken\appdata\local\{8800FC76-0901-4D91-879C-65F4E9548200}
2011-12-16 02:47:17   --------   d-----w-   c:\users\ken\appdata\local\{17D5DBAC-C2F2-487C-9530-7CDFFC88D505}
2011-12-16 02:47:04   --------   d-----w-   c:\users\ken\appdata\local\{722F7B9E-C630-4C5E-812B-ABA17775DAE7}
2011-12-15 20:14:46   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-12-15 20:14:40   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-12-15 20:14:10   38912   ----a-w-   c:\windows\system32\csrsrv.dll
2011-12-15 20:14:08   534528   ----a-w-   c:\windows\system32\EncDec.dll
2011-12-15 20:14:05   3912560   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-12-15 20:14:04   3967856   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-12-15 14:46:49   --------   d-----w-   c:\users\ken\appdata\local\{F92D45FC-0219-4C19-96E8-585840315763}
2011-12-15 14:46:36   --------   d-----w-   c:\users\ken\appdata\local\{245FC452-A186-45A2-AD3D-670F288CCCEF}
2011-12-15 02:46:20   --------   d-----w-   c:\users\ken\appdata\local\{C35D6852-B780-4D75-A83D-CFBAD63E22C3}
2011-12-15 02:46:07   --------   d-----w-   c:\users\ken\appdata\local\{DB262C8E-E797-4444-A053-3E73497D3810}
.
==================== Find3M  ====================
.
2011-12-02 20:28:01   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-09 00:56:06   567184   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42   1798144   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   c:\windows\system32\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-24 18:29:02   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-01-01 20:38:18   47799280   ----a-w-   c:\program files\AVSVideoConverter.exe
2006-05-03 16:06:54   163328   --sha-r-   c:\windows\system32\flvDX.dll
2007-02-21 17:47:16   31232   --sha-r-   c:\windows\system32\msfDX.dll
2008-03-16 19:30:52   216064   --sha-r-   c:\windows\system32\nbDX.dll
2010-01-07 04:00:00   107520   --sha-r-   c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 21:05:44.06 ===============
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 12797
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Website links open in MS Word
« Reply #9 on: January 14, 2012, 10:33:14 PM »
Hi, klhendrick.

Thank you.  Let's clean up the leftovers.  Note:  Since you returned the Buffalo external hard drive, I included those files as well since there is no uninstaller showing. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code: [Select]
DDS::
TB: MP3Bar: {f6bd6330-76f8-44d9-b775-87614e2d8374} - c:\program files\fiesta download manager\mp3bar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

Firefox::
FF - ProfilePath - c:\users\ken\appdata\roaming\mozilla\firefox\profiles\ueq4lf82.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102

Folder:
c:\program files\FixCleaner
c:\program files\brownie

Files:
c:\users\ken\appdata\roaming\FixCleaner
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #10 on: January 15, 2012, 01:13:43 AM »
Corrine,

I have a new problem that is preventing me from completing your latest instructions.  "Ghost" suggested I stop using McAfee and download Avira Free and start using that.  My McAfee is provided free with my MSN Premium  Internet service.  Anyway, I followed his suggestion and downloaded Avira and uninstalled McAfee.  However, apparently McAfee didn't completely uninstall.  When I ran ComboFix with the CFScript, I received a message warning me to  disable the McAfee before proceeding.  It is no longer listed as one of my programs and is NOT listed as a program that I can any longer uninstall.  However, there are still several McAfee folders in my Program Files on my  "C" Drive.  Any suggestion on how to finish uninstalling or at least disabling the McAfee?  It occurred to me after making this change that it was not a good idea while I was in the middle of your process of fixing my computer.

I  HAVE NOT clicked on "OK" on the ComboFix warning so I am just sitting tight until I hear further from you.
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 12797
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Website links open in MS Word
« Reply #11 on: January 15, 2012, 01:51:52 AM »
Hi, klhendrick.

Yes, you should have waited but that's ok.  Please follow the instructions in item 2 "Download and run MCPR.exe " at http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Be sure to restart after running the tool and then run ComboFix if you haven't yet.  If you did run ComboFix, just post that log and we'll look for McAfee leftovers.  (Personally, with Windows 7, I would have suggested Microsoft Security Essentials. ;) )
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #12 on: January 15, 2012, 05:23:13 PM »
Hi Corrine,

Thanks for your continued and diligent help.

The MCPR.exe appear to have fixed my McAfee problem.  Thanks for that.

You suggested Microsoft Security Essentials in lieu of Avira.  Should I uninstall the Avira now and load the Microsoft Security Essentials????

After running the ComboFix this time and rebooting, I had another problem.  MSN Explorer is my normal browser.  When I tried to open it, I received the following:

"msn.exe - System Error

"The program can't start because WLDCore.dll is missing from your computer.  Try reinstalling the program to fix this problem"

I am using IE to prepare this reply.

Here is the latest ComboFix log

ComboFix 12-01-15.01 - Ken 01/15/2012  13:52:43.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2047.1157 [GMT -5:00]
Running from: c:\users\Ken\Desktop\ComboFix.exe
Command switches used :: c:\users\Ken\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\fiesta download manager\mp3bar.dll
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-15 to 2012-01-15  )))))))))))))))))))))))))))))))
.
.
2012-01-15 19:01 . 2012-01-15 19:01   --------   d-----w-   c:\users\TEST\AppData\Local\temp
2012-01-15 19:01 . 2012-01-15 19:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-01-14 17:46 . 2012-01-14 17:46   --------   d-----w-   c:\users\Ken\AppData\Roaming\Avira
2012-01-14 17:41 . 2011-12-15 20:00   74640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2012-01-14 17:41 . 2011-12-15 20:00   36000   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2012-01-14 17:41 . 2011-12-15 20:00   134856   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2012-01-14 17:41 . 2012-01-14 17:41   --------   d-----w-   c:\programdata\Avira
2012-01-14 17:41 . 2012-01-14 17:41   --------   d-----w-   c:\program files\Avira
2012-01-14 01:32 . 2012-01-14 01:32   --------   d-----w-   c:\users\Ken\AppData\Roaming\Malwarebytes
2012-01-14 01:32 . 2012-01-14 01:32   --------   d-----w-   c:\programdata\Malwarebytes
2012-01-14 01:32 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-14 01:32 . 2012-01-14 01:32   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-01-13 16:16 . 2012-01-15 19:01   --------   d-----w-   c:\users\Ken\AppData\Local\temp
2012-01-13 12:33 . 2011-11-30 07:21   6823496   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D7EB2B9-858B-469C-8208-02A5E5216663}\mpengine.dll
2012-01-12 19:52 . 2012-01-12 19:52   --------   d-----w-   c:\users\Ken\AppData\Local\jZip
2012-01-12 19:52 . 2012-01-12 19:52   --------   d-----w-   c:\programdata\boost_interprocess
2012-01-12 19:51 . 2012-01-12 19:52   --------   d-----w-   c:\program files\jZip
2012-01-11 16:09 . 2011-11-17 05:38   1288472   ----a-w-   c:\windows\system32\ntdll.dll
2012-01-11 16:09 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\system32\packager.dll
2012-01-11 16:09 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\system32\qdvd.dll
2012-01-11 16:09 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\system32\quartz.dll
2012-01-11 15:20 . 2012-01-11 15:20   --------   d-----w-   c:\program files\Common Files\Java
2012-01-11 15:18 . 2011-11-09 00:56   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-01-11 13:31 . 2012-01-11 13:47   --------   d-----w-   c:\users\Ken\AppData\Roaming\FixCleaner
2012-01-11 13:31 . 2012-01-11 13:56   --------   d-----w-   c:\program files\FixCleaner
2012-01-10 23:00 . 2012-01-10 23:00   --------   d-----w-   c:\program files\CCleaner
2012-01-03 20:53 . 2012-01-03 20:53   --------   d-----w-   c:\users\Ken\AppData\Roaming\BUFFALO
2012-01-03 20:43 . 2012-01-04 16:29   --------   d-----w-   c:\program files\BUFFALO
2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files\Internet Explorer\plugins\nppdf32.dll
2011-12-27 16:31 . 2011-12-27 16:31   --------   d-----w-   c:\program files\Garmin GPS Plugin
2011-12-21 17:58 . 2011-12-21 18:12   --------   d-----w-   C:\archdb
2011-12-21 16:27 . 2011-12-21 16:27   --------   d-----w-   c:\programdata\Paragon
2011-12-16 19:57 . 2011-12-16 19:57   --------   d-----w-   c:\program files\iPod
2011-12-16 19:57 . 2011-12-16 19:58   --------   d-----w-   c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 20:28 . 2011-06-23 00:35   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-24 04:25 . 2011-12-15 20:14   2342912   ----a-w-   c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2010-07-01 22:16   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-09 00:56 . 2011-08-22 12:38   567184   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-05 04:26 . 2011-12-15 20:14   2048   ----a-w-   c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-16 04:02   1798144   ----a-w-   c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-16 04:02   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 04:02   1127424   ----a-w-   c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-16 04:02   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-10-26 04:47 . 2011-12-15 20:14   3912560   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-26 04:47 . 2011-12-15 20:14   3967856   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:28 . 2011-12-15 20:14   38912   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-24 18:29 . 2011-10-24 18:29   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-01-01 20:38 . 2010-01-01 20:37   47799280   ----a-w-   c:\program files\AVSVideoConverter.exe
2006-05-03 16:06   163328   --sha-r-   c:\windows\System32\flvDX.dll
2007-02-21 17:47   31232   --sha-r-   c:\windows\System32\msfDX.dll
2008-03-16 19:30   216064   --sha-r-   c:\windows\System32\nbDX.dll
2010-01-07 04:00   107520   --sha-r-   c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Ken\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [1999-08-04 122940]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"PCHand Screen Capture"="c:\program files\PCHand Screen Capture\ScreenCapture.exe" [2010-12-23 4009472]"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-12-16 2840112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"PasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-09-18 1566720]
"LargeSoftPasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-09-18 1566720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-12 296056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DBHAgent"="c:\program files\Paragon Software\System Backup 10.5 Special Edition\program\dbhagent.exe" [2011-10-06 78128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-02 1343400]
S0 FTT3s;FTT3s;c:\windows\system32\DRIVERS\FTT3s.sys [2009-08-21 184912]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-10-06 58568]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 StarWindServiceLite;StarWind Service Lite;c:\program files\Rocket Division Software\StarWind Lite\StarWindServiceLite.exe [2007-11-19 297984]
S3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\Paragon Software\System Backup 10.5 Special Edition\program\dbhservice.exe [2011-10-06 160048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 00:36]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/102
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &MP3Bar - c:\program files\Fiesta Download Manager\mp3bar.dll/MENUSEARCH.HTM
IE: Download all by FlashGet3 - c:\users\Ken\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Ken\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Download with mediAvatar YouTube Video Converter - c:\program files\mediAvatar\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\ueq4lf82.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\users\Ken\AppData\Local\Temp\mc2BA87.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-15  14:03:32
ComboFix-quarantined-files.txt  2012-01-15 19:03
ComboFix2.txt  2012-01-13 16:31
.
Pre-Run: 39,352,291,328 bytes free
Post-Run: 39,249,625,088 bytes free
.
- - End Of File - - B3D9995939360C2FD2AB9BDF041AC1A7
Logged

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 12797
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Website links open in MS Word
« Reply #13 on: January 15, 2012, 09:33:09 PM »
Hi, Hi, klhendrick.

No, no, don't go changing antivirus programs again. :) 

I can't see any reason why ComboFix would have removed that file, but let's double check.  Please go to C:\Qoobox\ComboFix-quarantined-files.txt and copy the contents here as a reply.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline klhendrick

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Website links open in MS Word
« Reply #14 on: January 16, 2012, 01:08:41 AM »
It appears you are right.  That's strange.  Anyway, here is the log:

2012-01-15 18:52:21 . 2012-01-15 18:52:21                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2012-01-13 16:29:50 . 2012-01-13 16:29:50            1,262 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Searchqu Toolbar.reg.dat
2012-01-13 16:29:50 . 2012-01-13 16:29:50            1,230 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-RealPlayer 15.0.reg.dat
2012-01-13 16:29:50 . 2012-01-13 16:29:50              588 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Pdf995.reg.dat
2012-01-13 16:29:49 . 2012-01-13 16:29:49              886 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-conduitEngine.reg.dat
2012-01-13 16:29:12 . 2012-01-13 16:29:13              141 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-DATAMNGR.reg.dat
2012-01-13 16:29:07 . 2012-01-13 16:29:07               89 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-fsm.reg.dat
2012-01-13 16:28:59 . 2012-01-13 16:28:59              127 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-01-13 16:11:51 . 2012-01-13 16:11:51            1,092 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_MyWebSearchService.reg.dat
2012-01-13 16:11:29 . 2012-01-15 18:58:50            3,635 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-13 16:00:32 . 2012-01-15 18:52:20              266 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-01-12 19:52:15 . 2012-01-12 19:52:15               21 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\sysid.ini.vir
2012-01-12 19:52:15 . 2012-01-12 19:52:15           54,332 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\uninstall.exe.vir
2012-01-12 19:52:13 . 2011-08-12 16:37:29              342 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt.vir
2012-01-12 19:52:13 . 2012-01-12 19:52:12              867 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.vir
2012-01-12 19:52:13 . 2011-08-19 15:58:39            4,688 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js.vir
2012-01-12 19:52:13 . 2011-10-30 08:28:44            8,684 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js.vir
2012-01-12 19:52:13 . 2011-03-31 10:12:11              195 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul.vir
2012-01-12 19:52:13 . 2011-08-17 12:54:20            3,987 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js.vir
2012-01-12 19:52:13 . 2011-08-19 15:58:39            2,390 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js.vir
2012-01-12 19:52:13 . 2011-08-24 06:16:53            3,642 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js.vir
2012-01-12 19:52:13 . 2011-08-17 12:54:20            5,686 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js.vir
2012-01-12 19:52:13 . 2011-08-17 12:54:20            6,274 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js.vir
2012-01-12 19:52:13 . 2011-10-25 06:50:14           16,184 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js.vir
2012-01-12 19:52:13 . 2011-12-12 14:41:54          351,744 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll.vir
2012-01-12 19:52:13 . 2011-12-12 14:41:39          351,744 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll.vir
2012-01-12 19:52:13 . 2011-12-12 14:41:24          351,744 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll.vir
2012-01-12 19:52:13 . 2011-12-12 14:41:09          351,744 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll.vir
2012-01-12 19:52:13 . 2011-12-12 14:40:42          351,744 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll.vir
2012-01-12 19:52:13 . 2011-12-12 14:40:10          355,840 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll.vir
2012-01-12 19:52:13 . 2011-12-12 14:41:46              978 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt.vir
2012-01-12 19:52:13 . 2011-08-02 14:38:17          351,232 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll.vir
2012-01-12 19:52:12 . 2011-05-23 13:46:24              731 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt.vir
2012-01-12 19:52:12 . 2012-01-12 19:52:12              752 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.vir
2012-01-12 19:52:12 . 2011-05-09 07:38:37              116 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt.vir
2012-01-12 19:52:12 . 2011-11-09 15:12:37              491 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.vir
2012-01-12 19:52:12 . 2011-12-12 14:41:56        1,694,608 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe.vir
2012-01-12 19:52:11 . 2011-12-12 14:42:00        1,236,368 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir
2012-01-12 19:52:11 . 2011-12-12 14:42:09          262,552 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll.vir
2012-01-12 19:52:11 . 2011-12-12 14:42:05          101,272 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir
2012-01-12 19:52:11 . 2011-12-12 14:42:03        1,233,816 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll.vir
2012-01-12 19:52:11 . 2012-01-12 19:52:11           96,517 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe.vir
2012-01-12 19:52:11 . 2012-01-12 19:52:11               38 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34            9,422 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34              802 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34          702,780 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34           33,963 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34              653 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34              657 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34          701,987 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34            6,373 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34           22,187 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js.vir
2011-10-31 13:37:34 . 2011-10-31 13:37:34           23,527 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32           27,324 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,112 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              663 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               33 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            6,107 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,520 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,152 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            5,008 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              535 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              407 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              307 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              387 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,639 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              344 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,087 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,820 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,555 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            4,334 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              612 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               32 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,577 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            8,308 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              153 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              153 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,583 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,691 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,324 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,368 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,487 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,486 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,391 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              763 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              746 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              134 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              972 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              867 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,229 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,447 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,303 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              235 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,457 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,065 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,117 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,180 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,222 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,219 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,260 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,222 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,255 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,200 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,237 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,194 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,229 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              152 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              740 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              660 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            8,308 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              637 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,310 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               46 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               46 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              136 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               46 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              205 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              296 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              189 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              203 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              326 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              240 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              284 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              193 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,862 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              335 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               55 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,638 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,631 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              191 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              191 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              294 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              293 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              274 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              297 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              763 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              245 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              248 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              293 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              175 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              248 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,115 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              209 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              205 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              287 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              886 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,376 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              795 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              293 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              283 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              284 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              286 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              293 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,961 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,923 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,952 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,895 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            7,823 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              300 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              566 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,656 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               55 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              186 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              191 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              270 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              293 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              235 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              297 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,945 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,827 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            2,816 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              708 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               58 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              491 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            5,466 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              696 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            7,211 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            6,260 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            9,674 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            3,162 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            8,005 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32            1,615 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              873 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              857 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              867 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              205 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              312 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              167 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              278 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32               49 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              266 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              146 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              286 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              204 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              118 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              214 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              205 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              114 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png.vir
2011-10-31 13:37:32 . 2011-10-31 13:37:32              114 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30           94,168 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30          449,424 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30           88,976 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30               37 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            9,873 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js.vir
2011-10-31 13:37:30 . 2012-01-12 19:52:10            5,487 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30           11,104 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              976 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,734 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,251 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              153 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              797 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              544 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              153 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,410 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,906 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              566 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            4,097 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              543 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              678 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              165 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,415 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              708 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              149 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              570 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,442 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              153 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              690 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              737 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              642 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,676 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              854 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,530 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30           34,494 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              691 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              187 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              511 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              196 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              498 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              540 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              621 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              630 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              677 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              384 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            2,890 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              772 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              469 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,876 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,445 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            2,438 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,888 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,908 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              902 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              784 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              792 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,198 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,561 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,166 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,116 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,683 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,156 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,253 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              493 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              825 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              763 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              633 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              678 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            8,730 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,038 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,435 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,373 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,407 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              586 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            7,856 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              153 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              608 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              732 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,202 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              323 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              642 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,676 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              854 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,530 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30           34,494 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              889 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            1,021 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              223 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30               92 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              816 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            3,271 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30            7,264 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30               85 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              236 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png.vir
2011-10-31 13:37:30 . 2011-10-31 13:37:30              235 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\s
Logged
Pages: [1] 2 3 ... 5   Go Up
« previous next »