ashleykate7

Everything is up and running smoothly. Thank you so much for your help. Have a great day! Ashley

Computer seems to be running normally. No lag and seems to be acting ok. Here is the log info... ComboFix 11-02-23.01 - INNEROFFICE 02/23/2011 13:37:13.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.260 [GMT -5:00] Running from: c:\documents and settings\INNEROFFICE\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\INNEROFFICE\Desktop\CFScript.txt AV: Total Protection for Small Business *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C} FILE :: "c:\program files\Drop Down Deals\YontooIEClient.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Drop Down Deals\YontooIEClient.dll . ((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 ))))))))))))))))))))))))))))))) . 2011-02-23 06:59 . 2011-02-23 06:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-02-22 17:57 . 2011-02-22 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-02-22 15:55 . 2011-02-23 18:45 -------- d-----w- c:\program files\Drop Down Deals 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-02-22 15:53 . 2011-02-22 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-02-21 11:56 . 2011-02-21 11:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-02-21 04:36 . 2011-02-21 04:36 1409 ----a-w- c:\windows\QTFont.for 2011-02-21 00:09 . 2011-02-21 11:40 0 ----a-w- c:\windows\Rjugedawevev.bin 2011-02-20 04:38 . 2011-02-20 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData 2011-02-19 13:14 . 2011-02-19 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\kAcIcOk05200 2011-02-19 13:14 . 2011-02-19 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-02-18 21:08 . 2011-02-21 17:07 -------- d-----w- c:\program files\Yontoo Layers Client 2011-02-15 19:15 . 2011-02-15 19:15 -------- d-----w- c:\documents and settings\All Users\eBay 2011-02-09 19:40 . 2011-02-09 19:40 49152 ----a-r- c:\windows\system32\inetwh32.dll 2011-02-09 19:40 . 2011-02-09 19:40 1044480 ----a-r- c:\windows\system32\roboex32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-20 23:09 . 2009-09-04 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 23:08 . 2009-09-04 13:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-03 15:06 . 2010-12-03 15:06 685913 ----a-w- c:\windows\unins000.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128] "DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\ Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2006-4-27 573440] Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2006-4-27 745472] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk backup=c:\windows\pss\ymetray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^INNEROFFICE^Start Menu^Programs^Startup^Gear Player.lnk] path=c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\Gear Player.lnk backup=c:\windows\pss\Gear Player.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash] 2010-10-14 20:25 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152 "59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153 R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [5/1/2006 1:37 PM 135168] R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/18/2010 10:33 AM 14144] R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [1/13/2011 10:54 PM 282824] R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [8/18/2010 10:35 AM 202048] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?] S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 3:47 PM 10752] S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html Trusted Zone: acehardware-acenet.com\ww1 Trusted Zone: acehardware-acenet.com\ww2 Trusted Zone: acehardware-aceonline.com Trusted Zone: acehardware-eaglevision.com Trusted Zone: acehardware-vendors.com Trusted Zone: aceservices.com Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: acehardware-acenet.com Trusted Zone: acehardware-aceonline.com Trusted Zone: acehardware-eaglevision.com Trusted Zone: acehardware-vendors.com Trusted Zone: aceservices.com Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: {033975BD-A3EA-4715-B867-D0B7553AABC9} = 166.102.165.11,166.102.165.13 DPF: AceIESecuritySettings - hxxp://ww2.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://imagemax.aceservices.com/aspweb/Applets/OBXViewer.cab DPF: {24B8CB65-C0D2-11D0-A523-444553540000} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} - hxxp://ww2.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} - hxxp://ww2.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://76.92.232.9:8080/activex/WebViewer.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-23 13:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid] @DACL=(02 0000) @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32] @DACL=(02 0000) @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib] @DACL=(02 0000) @="{4509D3CC-B642-4745-B030-645B79522C6D}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3912) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\PSIService.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE c:\3apps\Catapult\APPIPC.exe . ************************************************************************** . Completion time: 2011-02-23 13:57:51 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-23 18:57 ComboFix2.txt 2011-02-23 16:53 Pre-Run: 45,903,241,216 bytes free Post-Run: 45,892,612,096 bytes free - - End Of File - - 9BD55D4549AFF39E372F9294E6DF9E6C

Here is the logfile for the last process... ComboFix 11-02-22.06 - INNEROFFICE 02/23/2011 11:17:28.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.227 [GMT -5:00] Running from: c:\documents and settings\INNEROFFICE\Desktop\ComboFix.exe AV: Total Protection for Small Business *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\147.tmp C:\14C.tmp C:\6F6.tmp C:\6FA.tmp C:\709.tmp C:\72A.tmp c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\dtx.ini c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\guid.dat c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\preferences.dat c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\stat.log c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\stats.dat c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\uninstallIE.dat c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\uninstallStatIE.dat c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\98974c8e27f23cafbda8e5d0b926b2b2 c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\cd2494248b6964056c3e699bb313f70b c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\forecasts_cache.xml c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weather\observations_cache.xml c:\documents and settings\INNEROFFICE\Application Data\whitesmoketoolbar\weatherbutton_prefs.xml c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\dtx.ini c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\exeArgs.xml c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\guid.dat c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\setupCfg.xml c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbar.dll c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe c:\program files\whitesmoketoolbar c:\program files\whitesmoketoolbar\chrome\content\lib\about.xml c:\program files\whitesmoketoolbar\chrome\content\lib\dtxpanel.xul c:\program files\whitesmoketoolbar\chrome\content\lib\dtxpanelwin.xul c:\program files\whitesmoketoolbar\chrome\content\lib\dtxprefwin.xul c:\program files\whitesmoketoolbar\chrome\content\lib\dtxwin.xul c:\program files\whitesmoketoolbar\chrome\content\lib\emailnotifierproviders.xml c:\program files\whitesmoketoolbar\chrome\content\lib\external.js c:\program files\whitesmoketoolbar\chrome\content\lib\neterror.xhtml c:\program files\whitesmoketoolbar\chrome\content\lib\rsspreview.html c:\program files\whitesmoketoolbar\chrome\content\lib\rsswin.xml c:\program files\whitesmoketoolbar\chrome\content\lib\rsswin.xsl c:\program files\whitesmoketoolbar\chrome\content\lib\vmncode.js c:\program files\whitesmoketoolbar\chrome\content\lib\wmpstreamer.html c:\program files\whitesmoketoolbar\chrome\content\modules\datastore.jsm c:\program files\whitesmoketoolbar\chrome\content\neterror.xhtml c:\program files\whitesmoketoolbar\chrome\content\newtab\images\btn_search.gif c:\program files\whitesmoketoolbar\chrome\content\newtab\images\bullet.gif c:\program files\whitesmoketoolbar\chrome\content\newtab\images\field_bg.gif c:\program files\whitesmoketoolbar\chrome\content\newtab\images\powered_by_yahoo.gif c:\program files\whitesmoketoolbar\chrome\content\newtab\newtab.html c:\program files\whitesmoketoolbar\chrome\content\preferences.xml c:\program files\whitesmoketoolbar\chrome\content\toolbar.htm c:\program files\whitesmoketoolbar\chrome\content\toolbar.xul c:\program files\whitesmoketoolbar\chrome\content\vmncode.js c:\program files\whitesmoketoolbar\chrome\content\vmnrsswin.xml c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css\dialog.css c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\bg.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\btn-wide-close.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\default.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\transparent.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-left.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-mdl.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right-resize.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images\win-btm-right.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\main.html c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts\defscript.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\tb_icon.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.jsw c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget.xml c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\widget_version.txt c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\Thumbs.db c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\Thumbs.db c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.jsw c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget.xml c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css\dialog.css c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrow-grey.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-left.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\arrows_grey-right.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\btn-search.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\powered-by-youtube.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-disable.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb-down.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollb.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-disable.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt-down.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\scrollt.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-l.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-off-r.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-l.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-on-r.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-l.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-over-r.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-left.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-mdl.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-red-right.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-left.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-mdl.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\tab-white-right.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\throbber.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\Thumbs.db c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\vid-bg.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images\youtube.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\index.html c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery-1.3.2.min.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js\jquery.autocomplete.min.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css\dialog.css c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\bg.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-search.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close-over.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\btn-wide-close.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\default.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\Thumbs.db c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\transparent.gif c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-left.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-mdl.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right-resize.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images\win-btm-right.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\main.html c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts\defscript.js c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\tb_icon.png c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.jsw c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget.xml c:\program files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\widget_version.txt c:\program files\whitesmoketoolbar\chrome\data\dynamicElements\vmntoolbar.xsl c:\program files\whitesmoketoolbar\chrome\data\rss\rss.xml c:\program files\whitesmoketoolbar\chrome\data\search\engines.xml c:\program files\whitesmoketoolbar\chrome\data\search\search.xsl c:\program files\whitesmoketoolbar\chrome\data\weather\icons.xml c:\program files\whitesmoketoolbar\chrome\skin\634017460871087500_png c:\program files\whitesmoketoolbar\chrome\skin\about.gif c:\program files\whitesmoketoolbar\chrome\skin\babylon_logo.png c:\program files\whitesmoketoolbar\chrome\skin\bing_16x16.png c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_hover_png c:\program files\whitesmoketoolbar\chrome\skin\bing_searchicon_20x22_spaced_png c:\program files\whitesmoketoolbar\chrome\skin\blank_png c:\program files\whitesmoketoolbar\chrome\skin\bluelite.gif c:\program files\whitesmoketoolbar\chrome\skin\bluesky.gif c:\program files\whitesmoketoolbar\chrome\skin\btn-search-over.png c:\program files\whitesmoketoolbar\chrome\skin\btn-search.png c:\program files\whitesmoketoolbar\chrome\skin\btn-settings-over.png c:\program files\whitesmoketoolbar\chrome\skin\btn-settings.png c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets-over.png c:\program files\whitesmoketoolbar\chrome\skin\btn-widgets.png c:\program files\whitesmoketoolbar\chrome\skin\btn_settings.png c:\program files\whitesmoketoolbar\chrome\skin\ca.png c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png c:\program files\whitesmoketoolbar\chrome\skin\checkMyText_png_png c:\program files\whitesmoketoolbar\chrome\skin\dictionary.png c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png c:\program files\whitesmoketoolbar\chrome\skin\Dictionary_png_png c:\program files\whitesmoketoolbar\chrome\skin\divider.png c:\program files\whitesmoketoolbar\chrome\skin\downloadcom.png c:\program files\whitesmoketoolbar\chrome\skin\dtxlogo.png c:\program files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics\folder.png c:\program files\whitesmoketoolbar\chrome\skin\email.png c:\program files\whitesmoketoolbar\chrome\skin\email_on.png c:\program files\whitesmoketoolbar\chrome\skin\eteacher_png c:\program files\whitesmoketoolbar\chrome\skin\facebook.png c:\program files\whitesmoketoolbar\chrome\skin\feed_icon_png c:\program files\whitesmoketoolbar\chrome\skin\feed_icon2_png c:\program files\whitesmoketoolbar\chrome\skin\france_png c:\program files\whitesmoketoolbar\chrome\skin\games.png c:\program files\whitesmoketoolbar\chrome\skin\games_png c:\program files\whitesmoketoolbar\chrome\skin\gamesIcon_png c:\program files\whitesmoketoolbar\chrome\skin\graphred0.png c:\program files\whitesmoketoolbar\chrome\skin\graphred0_5.png c:\program files\whitesmoketoolbar\chrome\skin\graphred1.png c:\program files\whitesmoketoolbar\chrome\skin\graphred1_5.png c:\program files\whitesmoketoolbar\chrome\skin\graphred2.png c:\program files\whitesmoketoolbar\chrome\skin\graphred2_5.png c:\program files\whitesmoketoolbar\chrome\skin\graphred3.png c:\program files\whitesmoketoolbar\chrome\skin\graphred3_5.png c:\program files\whitesmoketoolbar\chrome\skin\graphred4.png c:\program files\whitesmoketoolbar\chrome\skin\graphred4_5.png c:\program files\whitesmoketoolbar\chrome\skin\graphred5.png c:\program files\whitesmoketoolbar\chrome\skin\graphredna.png c:\program files\whitesmoketoolbar\chrome\skin\grey.gif c:\program files\whitesmoketoolbar\chrome\skin\ico-shield.png c:\program files\whitesmoketoolbar\chrome\skin\images.png c:\program files\whitesmoketoolbar\chrome\skin\italy_png c:\program files\whitesmoketoolbar\chrome\skin\lib\add.png c:\program files\whitesmoketoolbar\chrome\skin\lib\aol.png c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-dn.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right-disabled.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-right.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\arrow-up.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-divider.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-end.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-mdl_ff.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btn-start.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-divider.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-end.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png c:\program files\whitesmoketoolbar\chrome\skin\lib\bg-btnover-start.png c:\program files\whitesmoketoolbar\chrome\skin\lib\blank.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btn-widgets.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btn_slider.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btnback-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btnleft-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\btnright-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\button-splitter-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\checkmark.png c:\program files\whitesmoketoolbar\chrome\skin\lib\chevron.png c:\program files\whitesmoketoolbar\chrome\skin\lib\collapse.png c:\program files\whitesmoketoolbar\chrome\skin\lib\comcast.png c:\program files\whitesmoketoolbar\chrome\skin\lib\dtx.css c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back-hot.png c:\program files\whitesmoketoolbar\chrome\skin\lib\edit-back.png c:\program files\whitesmoketoolbar\chrome\skin\lib\expand.png c:\program files\whitesmoketoolbar\chrome\skin\lib\found.png c:\program files\whitesmoketoolbar\chrome\skin\lib\gmail.png c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight.png c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_blue.png c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_cyan.png c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_lime.png c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_magenta.png c:\program files\whitesmoketoolbar\chrome\skin\lib\highlight_yellow.png c:\program files\whitesmoketoolbar\chrome\skin\lib\hotmail.png c:\program files\whitesmoketoolbar\chrome\skin\lib\ico-check.png c:\program files\whitesmoketoolbar\chrome\skin\lib\imap.png c:\program files\whitesmoketoolbar\chrome\skin\lib\lastsearch-thumb-back.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\loadingMid.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\lock.png c:\program files\whitesmoketoolbar\chrome\skin\lib\logo-separator.png c:\program files\whitesmoketoolbar\chrome\skin\lib\mailcom.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_bg-basic.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_bar.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menu_separator_white.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitem-splitter.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemback-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemleft-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-down-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\menuitemright-vista.png c:\program files\whitesmoketoolbar\chrome\skin\lib\modify.png c:\program files\whitesmoketoolbar\chrome\skin\lib\move.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\movetarget.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\panels.css c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupAbout.css c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupGames.css c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupRSS.css c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\css\popupWidgets.css c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\css\dialog.css c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\bg.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-search.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\default.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\transparent.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-left.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\images\win-right.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\main.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts\defscript.js c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\footer.htm c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gamecategory.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameData.js c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gameList.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\games.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\gametype.xsl c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-dn.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-sml.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrow-up.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-btnover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-back.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-drag.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-moredetails.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-next.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-previous.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\bullet-orange.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-calendar.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-download.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-joystick24.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-news24.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-play.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\ico-tags.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Add.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-download.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-Info.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-play.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\icon-shop.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgon.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\menul-bgover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-bg.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-down.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollb.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-down.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\scrollt.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\star_x_orange.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\images\widgets.png c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\initHTML.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupGames.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupHTML.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupRSS.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\popupWidgets.html c:\program files\whitesmoketoolbar\chrome\skin\lib\panels\scroll.png c:\program files\whitesmoketoolbar\chrome\skin\lib\pop.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\manager.css c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\css\slider.css c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\bg-pnl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\collapsed_button.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\expanded_button.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-playstation.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\ico-radio.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\music-note.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-btn-play.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-off.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-design.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options-on.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-options.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-0.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-1.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-2.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-3.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\scrollbar-track.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slider.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\slideron.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\images\track.png c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\managerpanel.html c:\program files\whitesmoketoolbar\chrome\skin\lib\radio\volumeslider.html c:\program files\whitesmoketoolbar\chrome\skin\lib\reload.png c:\program files\whitesmoketoolbar\chrome\skin\lib\remove.png c:\program files\whitesmoketoolbar\chrome\skin\lib\rename.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\resize-box.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\rss.png c:\program files\whitesmoketoolbar\chrome\skin\lib\rsschannelback.png c:\program files\whitesmoketoolbar\chrome\skin\lib\RSSLogo.png c:\program files\whitesmoketoolbar\chrome\skin\lib\rsstabdivider.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-left.png c:\program files\whitesmoketoolbar\chrome\skin\lib\scroll-right.png c:\program files\whitesmoketoolbar\chrome\skin\lib\search-go.png c:\program files\whitesmoketoolbar\chrome\skin\lib\search.png c:\program files\whitesmoketoolbar\chrome\skin\lib\text-ellipsis.xml c:\program files\whitesmoketoolbar\chrome\skin\lib\throbber.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\toolbarsplitter.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\transparent_1px.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_02.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_03.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_04.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_06.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_07.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_08.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_09.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_10.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_11.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_12.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_13.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_14.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_15.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_16.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_18.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_19.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_20.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\border_21.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-hot.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\close-normal.png c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\loadingMid.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\proxy.html c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.html c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\template.xml c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\templateFF.html c:\program files\whitesmoketoolbar\chrome\skin\lib\uwa\throbber.gif c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\na.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons\weather.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files\whitesmoketoolbar\chrome\skin\lib\yahoo.png c:\program files\whitesmoketoolbar\chrome\skin\lichen.gif c:\program files\whitesmoketoolbar\chrome\skin\logo-about.png c:\program files\whitesmoketoolbar\chrome\skin\logo-over.png c:\program files\whitesmoketoolbar\chrome\skin\logo-separator.png c:\program files\whitesmoketoolbar\chrome\skin\logo.png c:\program files\whitesmoketoolbar\chrome\skin\mail.png c:\program files\whitesmoketoolbar\chrome\skin\menuseparatorback.gif c:\program files\whitesmoketoolbar\chrome\skin\modify-save.png c:\program files\whitesmoketoolbar\chrome\skin\modify.png c:\program files\whitesmoketoolbar\chrome\skin\modifyhot.png c:\program files\whitesmoketoolbar\chrome\skin\music.png c:\program files\whitesmoketoolbar\chrome\skin\namespacetoolbar.css c:\program files\whitesmoketoolbar\chrome\skin\networkIcons_png c:\program files\whitesmoketoolbar\chrome\skin\news.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-main.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-search.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-weather.png c:\program files\whitesmoketoolbar\chrome\skin\options\options-widgets.png c:\program files\whitesmoketoolbar\chrome\skin\orange.gif c:\program files\whitesmoketoolbar\chrome\skin\pixsy.png c:\program files\whitesmoketoolbar\chrome\skin\protect-id.png c:\program files\whitesmoketoolbar\chrome\skin\relatedlinks.png c:\program files\whitesmoketoolbar\chrome\skin\rss-collapse.png c:\program files\whitesmoketoolbar\chrome\skin\rss-delete.png c:\program files\whitesmoketoolbar\chrome\skin\rss-expand.png c:\program files\whitesmoketoolbar\chrome\skin\rss-feed.png c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-remove.png c:\program files\whitesmoketoolbar\chrome\skin\rss-folder-rename.png c:\program files\whitesmoketoolbar\chrome\skin\rss-folder.png c:\program files\whitesmoketoolbar\chrome\skin\rss-found.png c:\program files\whitesmoketoolbar\chrome\skin\rss-reload.png c:\program files\whitesmoketoolbar\chrome\skin\rss-subscribe.png c:\program files\whitesmoketoolbar\chrome\skin\rss.png c:\program files\whitesmoketoolbar\chrome\skin\rss_feed_icon_png c:\program files\whitesmoketoolbar\chrome\skin\rssback.gif c:\program files\whitesmoketoolbar\chrome\skin\rsstopback.gif c:\program files\whitesmoketoolbar\chrome\skin\search-over.png c:\program files\whitesmoketoolbar\chrome\skin\search.png c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-left.png c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-middle.png c:\program files\whitesmoketoolbar\chrome\skin\searchbar\searchbar-background-right.png c:\program files\whitesmoketoolbar\chrome\skin\settings.png c:\program files\whitesmoketoolbar\chrome\skin\shopping.png c:\program files\whitesmoketoolbar\chrome\skin\siteinfo.png c:\program files\whitesmoketoolbar\chrome\skin\skin-bluelite.png c:\program files\whitesmoketoolbar\chrome\skin\skin-bluesky.png c:\program files\whitesmoketoolbar\chrome\skin\skin-grey.png c:\program files\whitesmoketoolbar\chrome\skin\skin-lichen.png c:\program files\whitesmoketoolbar\chrome\skin\skin-orange.png c:\program files\whitesmoketoolbar\chrome\skin\skin-yellow.png c:\program files\whitesmoketoolbar\chrome\skin\skin.xml c:\program files\whitesmoketoolbar\chrome\skin\spain_png c:\program files\whitesmoketoolbar\chrome\skin\technorati.png c:\program files\whitesmoketoolbar\chrome\skin\throbber.gif c:\program files\whitesmoketoolbar\chrome\skin\toolbarsplitter.png c:\program files\whitesmoketoolbar\chrome\skin\translate.png c:\program files\whitesmoketoolbar\chrome\skin\Translate_png c:\program files\whitesmoketoolbar\chrome\skin\Translate_png_png c:\program files\whitesmoketoolbar\chrome\skin\TRUSTe_about.png c:\program files\whitesmoketoolbar\chrome\skin\TV_icon3_png c:\program files\whitesmoketoolbar\chrome\skin\tvicon_png c:\program files\whitesmoketoolbar\chrome\skin\tvIcons_png c:\program files\whitesmoketoolbar\chrome\skin\usa_png c:\program files\whitesmoketoolbar\chrome\skin\vmn.css c:\program files\whitesmoketoolbar\chrome\skin\vmn.png c:\program files\whitesmoketoolbar\chrome\skin\web.png c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png_png c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png2_png c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png3_png c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png4_png c:\program files\whitesmoketoolbar\chrome\skin\whtsmke_logo_png5_png c:\program files\whitesmoketoolbar\chrome\skin\wikipedia.png c:\program files\whitesmoketoolbar\chrome\skin\yahoosearch.png c:\program files\whitesmoketoolbar\chrome\skin\yellow.gif c:\program files\whitesmoketoolbar\chrome\skin\youtube.png c:\program files\whitesmoketoolbar\chrome\skin\zoom.png c:\program files\whitesmoketoolbar\components\windowmediator.js c:\program files\whitesmoketoolbar\manifest.xml c:\program files\whitesmoketoolbar\toolbar.xml c:\program files\whitesmoketoolbar\uninstall.exe c:\program files\whitesmoketoolbar\whitesmoketoolbar.dll c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll c:\windows\system32\bszip.dll c:\windows\system32\twunk_32.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Service_6to4 ((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 ))))))))))))))))))))))))))))))) . 2011-02-23 06:59 . 2011-02-23 06:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-02-22 17:57 . 2011-02-22 17:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\program files\Drop Down Deals 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-02-22 15:55 . 2011-02-22 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2011-02-22 15:53 . 2011-02-22 15:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-02-21 11:56 . 2011-02-21 11:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-02-21 04:36 . 2011-02-21 04:36 1409 ----a-w- c:\windows\QTFont.for 2011-02-21 00:09 . 2011-02-21 11:40 0 ----a-w- c:\windows\Rjugedawevev.bin 2011-02-20 04:38 . 2011-02-20 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\UserData 2011-02-19 13:14 . 2011-02-19 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\kAcIcOk05200 2011-02-19 13:14 . 2011-02-19 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-02-18 21:08 . 2011-02-21 17:07 -------- d-----w- c:\program files\Yontoo Layers Client 2011-02-15 19:15 . 2011-02-15 19:15 -------- d-----w- c:\documents and settings\All Users\eBay 2011-02-09 19:40 . 2011-02-09 19:40 49152 ----a-r- c:\windows\system32\inetwh32.dll 2011-02-09 19:40 . 2011-02-09 19:40 1044480 ----a-r- c:\windows\system32\roboex32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-11 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-11 23:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-11 23:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-20 23:09 . 2009-09-04 13:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 23:08 . 2009-09-04 13:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 17:26 . 2004-08-11 23:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-11 23:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2004-08-11 23:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38 . 2004-08-11 23:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2004-08-04 04:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-03 15:06 . 2010-12-03 15:06 685913 ----a-w- c:\windows\unins000.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-02-17 20:49 191488 ------w- c:\program files\Drop Down Deals\YontooIEClient.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128] "DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\ Eagle Listener.lnk - c:\3apps\Catapult\3listen.exe [2006-4-27 573440] Eagle Scheduler.lnk - c:\3apps\Catapult\Sched.exe [2006-4-27 745472] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk backup=c:\windows\pss\ymetray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^INNEROFFICE^Start Menu^Programs^Startup^Gear Player.lnk] path=c:\documents and settings\INNEROFFICE\Start Menu\Programs\Startup\Gear Player.lnk backup=c:\windows\pss\Gear Player.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash] 2010-10-14 20:25 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "59152:UDP"= 59152:UDP:SonicWALL Anti-Virus Compliance Port 59152 "59153:UDP"= 59153:UDP:SonicWALL Anti-Virus Compliance Port 59153 R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [5/1/2006 1:37 PM 135168] R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/18/2010 10:33 AM 14144] R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [1/13/2011 10:54 PM 282824] R2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [8/18/2010 10:35 AM 202048] S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASDIFSV.SYS [?] S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASKUTIL.sys [?] S3 QtsDongle;USB Software Key;c:\windows\system32\qtsusk.sys [2/18/2005 3:47 PM 10752] S3 SASENUM;SASENUM;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\superas\SASENUM.SYS [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html Trusted Zone: acehardware-acenet.com\ww1 Trusted Zone: acehardware-acenet.com\ww2 Trusted Zone: acehardware-aceonline.com Trusted Zone: acehardware-eaglevision.com Trusted Zone: acehardware-vendors.com Trusted Zone: aceservices.com Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: acehardware-acenet.com Trusted Zone: acehardware-aceonline.com Trusted Zone: acehardware-eaglevision.com Trusted Zone: acehardware-vendors.com Trusted Zone: aceservices.com Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: {033975BD-A3EA-4715-B867-D0B7553AABC9} = 166.102.165.11,166.102.165.13 DPF: AceIESecuritySettings - hxxp://ww2.acehardware-acenet.com/Controls/AceIESecuritySettings.CAB DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://imagemax.aceservices.com/aspweb/Applets/OBXViewer.cab DPF: {24B8CB65-C0D2-11D0-A523-444553540000} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/AceExpl/AceExpl.cab DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} - hxxp://ww2.acehardware-acenet.com/ACENET/Controls/MCSi/McsiMenu.cab DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} - hxxp://ww2.acehardware-acenet.com/ACENET/controls/FarPoint60/fpspr60.cab DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} - hxxp://ww1.acehardware-acenet.com/ACENET/Controls/ACENET/ACECTL.CAB DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} - hxxp://stores.homestead.com/storeadmin/utilities/pssbedit.cab DPF: {FB40C15D-4A00-4B22-BA87-B046910FB09D} - hxxp://76.92.232.9:8080/activex/WebViewer.cab . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-23 11:42 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid] @DACL=(02 0000) @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32] @DACL=(02 0000) @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib] @DACL=(02 0000) @="{4509D3CC-B642-4745-B030-645B79522C6D}" "Version"="1.0" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1172) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Java\jre6\bin\jqs.exe c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\PSIService.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE c:\3apps\Catapult\APPIPC.exe . ************************************************************************** . Completion time: 2011-02-23 11:53:22 - machine was rebooted ComboFix-quarantined-files.txt 2011-02-23 16:53 Pre-Run: 45,519,265,792 bytes free Post-Run: 45,888,000,000 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 9C19368DBF50321C1C131BE356E3F306

Please bear with me....we had some trouble turning off the sonic wall, but we did get it taken care of. Combo fix is currently running and deleting folders....will be back with you as soon as it finishes. Thanks for your help so far! Ashley

Here is the second log... 2011/02/23 10:00:39.0296 2936 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08 2011/02/23 10:00:39.0531 2936 ================================================================================ 2011/02/23 10:00:39.0531 2936 SystemInfo: 2011/02/23 10:00:39.0531 2936 2011/02/23 10:00:39.0531 2936 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/23 10:00:39.0546 2936 Product type: Workstation 2011/02/23 10:00:39.0546 2936 ComputerName: SECRETARY 2011/02/23 10:00:39.0546 2936 UserName: INNEROFFICE 2011/02/23 10:00:39.0546 2936 Windows directory: C:\WINDOWS 2011/02/23 10:00:39.0546 2936 System windows directory: C:\WINDOWS 2011/02/23 10:00:39.0546 2936 Processor architecture: Intel x86 2011/02/23 10:00:39.0546 2936 Number of processors: 1 2011/02/23 10:00:39.0546 2936 Page size: 0x1000 2011/02/23 10:00:39.0546 2936 Boot type: Normal boot 2011/02/23 10:00:39.0546 2936 ================================================================================ 2011/02/23 10:00:40.0281 2936 Initialize success 2011/02/23 10:00:43.0281 3052 ================================================================================ 2011/02/23 10:00:43.0281 3052 Scan started 2011/02/23 10:00:43.0281 3052 Mode: Manual; 2011/02/23 10:00:43.0281 3052 ================================================================================ 2011/02/23 10:00:45.0718 3052 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/02/23 10:00:45.0906 3052 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/23 10:00:45.0953 3052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/23 10:00:46.0046 3052 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/02/23 10:00:46.0187 3052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/23 10:00:46.0281 3052 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/23 10:00:46.0328 3052 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/23 10:00:46.0359 3052 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/02/23 10:00:46.0390 3052 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/02/23 10:00:46.0531 3052 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/02/23 10:00:46.0656 3052 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/02/23 10:00:46.0781 3052 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/02/23 10:00:46.0890 3052 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/02/23 10:00:46.0953 3052 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/02/23 10:00:47.0015 3052 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/02/23 10:00:47.0171 3052 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/02/23 10:00:47.0296 3052 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/02/23 10:00:47.0406 3052 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/02/23 10:00:47.0562 3052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/23 10:00:47.0640 3052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/23 10:00:47.0703 3052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/23 10:00:47.0765 3052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/23 10:00:47.0812 3052 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/02/23 10:00:47.0937 3052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/23 10:00:47.0984 3052 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/02/23 10:00:48.0015 3052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/23 10:00:48.0078 3052 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/02/23 10:00:48.0218 3052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/23 10:00:48.0296 3052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/23 10:00:48.0343 3052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/23 10:00:48.0437 3052 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/02/23 10:00:48.0531 3052 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/02/23 10:00:48.0593 3052 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/02/23 10:00:48.0671 3052 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/02/23 10:00:48.0843 3052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/23 10:00:49.0015 3052 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/23 10:00:49.0078 3052 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/23 10:00:49.0109 3052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/23 10:00:49.0203 3052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/23 10:00:49.0281 3052 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/02/23 10:00:49.0328 3052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/23 10:00:49.0375 3052 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/02/23 10:00:49.0609 3052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/23 10:00:49.0687 3052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/02/23 10:00:49.0734 3052 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/23 10:00:49.0796 3052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/02/23 10:00:49.0859 3052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/02/23 10:00:49.0921 3052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/23 10:00:50.0000 3052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/23 10:00:50.0078 3052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/23 10:00:50.0125 3052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/23 10:00:50.0250 3052 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/02/23 10:00:50.0421 3052 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/02/23 10:00:50.0531 3052 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/02/23 10:00:50.0656 3052 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/02/23 10:00:50.0796 3052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/23 10:00:50.0843 3052 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/02/23 10:00:50.0890 3052 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/02/23 10:00:50.0937 3052 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/23 10:00:51.0015 3052 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/02/23 10:00:51.0359 3052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/23 10:00:51.0500 3052 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/02/23 10:00:51.0640 3052 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/02/23 10:00:51.0734 3052 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/23 10:00:51.0750 3052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/02/23 10:00:51.0812 3052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/23 10:00:51.0875 3052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/23 10:00:51.0921 3052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/23 10:00:51.0968 3052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/23 10:00:52.0015 3052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/23 10:00:52.0093 3052 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/23 10:00:52.0140 3052 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/23 10:00:52.0156 3052 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/02/23 10:00:52.0187 3052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/23 10:00:52.0234 3052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/23 10:00:52.0390 3052 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\WINDOWS\system32\drivers\MfeAVFK.sys 2011/02/23 10:00:52.0546 3052 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\WINDOWS\system32\drivers\MfeBOPK.sys 2011/02/23 10:00:52.0703 3052 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\WINDOWS\system32\drivers\mfehidk.sys 2011/02/23 10:00:52.0843 3052 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys 2011/02/23 10:00:53.0062 3052 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys 2011/02/23 10:00:53.0156 3052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/02/23 10:00:53.0250 3052 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/23 10:00:53.0296 3052 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/23 10:00:53.0359 3052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/23 10:00:53.0406 3052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/23 10:00:53.0468 3052 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/02/23 10:00:53.0578 3052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/23 10:00:53.0640 3052 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/23 10:00:53.0718 3052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/23 10:00:53.0781 3052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/23 10:00:53.0812 3052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/23 10:00:53.0890 3052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/23 10:00:53.0968 3052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/23 10:00:53.0984 3052 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/23 10:00:54.0031 3052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/23 10:00:54.0078 3052 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/23 10:00:54.0156 3052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/23 10:00:54.0203 3052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/23 10:00:54.0234 3052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/23 10:00:54.0359 3052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/23 10:00:54.0437 3052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/23 10:00:54.0546 3052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/23 10:00:54.0640 3052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/23 10:00:54.0687 3052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/23 10:00:54.0796 3052 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/02/23 10:00:54.0937 3052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/23 10:00:54.0968 3052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/23 10:00:55.0031 3052 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys 2011/02/23 10:00:55.0187 3052 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/23 10:00:55.0234 3052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/23 10:00:55.0281 3052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/23 10:00:55.0343 3052 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/23 10:00:55.0390 3052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/02/23 10:00:55.0437 3052 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/02/23 10:00:55.0578 3052 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/02/23 10:00:55.0734 3052 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/02/23 10:00:55.0875 3052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/23 10:00:55.0937 3052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/02/23 10:00:55.0968 3052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/23 10:00:56.0015 3052 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/23 10:00:56.0109 3052 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/02/23 10:00:56.0156 3052 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/02/23 10:00:56.0187 3052 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/02/23 10:00:56.0218 3052 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/02/23 10:00:56.0296 3052 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/02/23 10:00:56.0390 3052 QtsDongle (5c42769a326d3567727c430c31de5d24) C:\WINDOWS\system32\qtsusk.sys 2011/02/23 10:00:56.0656 3052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/23 10:00:56.0703 3052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/23 10:00:56.0734 3052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/23 10:00:56.0750 3052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/23 10:00:56.0796 3052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/23 10:00:56.0828 3052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/23 10:00:56.0921 3052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/23 10:00:57.0062 3052 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/23 10:00:57.0109 3052 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/23 10:00:57.0375 3052 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys 2011/02/23 10:00:57.0515 3052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/23 10:00:57.0609 3052 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys 2011/02/23 10:00:57.0671 3052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/02/23 10:00:57.0703 3052 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/02/23 10:00:57.0765 3052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/23 10:00:57.0843 3052 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/02/23 10:00:57.0906 3052 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys 2011/02/23 10:00:57.0968 3052 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/02/23 10:00:58.0031 3052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/23 10:00:58.0078 3052 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/23 10:00:58.0171 3052 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/23 10:00:58.0359 3052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/23 10:00:58.0406 3052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/23 10:00:58.0453 3052 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/02/23 10:00:58.0578 3052 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/02/23 10:00:58.0750 3052 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/02/23 10:00:58.0828 3052 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/02/23 10:00:58.0968 3052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/23 10:00:59.0031 3052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/23 10:00:59.0125 3052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/23 10:00:59.0187 3052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/23 10:00:59.0250 3052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/23 10:00:59.0328 3052 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/02/23 10:00:59.0421 3052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/23 10:00:59.0468 3052 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/02/23 10:00:59.0609 3052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/23 10:00:59.0703 3052 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/02/23 10:00:59.0781 3052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/23 10:00:59.0843 3052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/23 10:00:59.0890 3052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/23 10:01:00.0000 3052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/23 10:01:00.0046 3052 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/23 10:01:00.0093 3052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/23 10:01:00.0125 3052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/23 10:01:00.0171 3052 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/02/23 10:01:00.0187 3052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/23 10:01:00.0296 3052 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/02/23 10:01:00.0343 3052 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/23 10:01:00.0390 3052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/23 10:01:00.0437 3052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/23 10:01:00.0484 3052 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/02/23 10:01:00.0656 3052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/23 10:01:00.0781 3052 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/02/23 10:01:00.0875 3052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/23 10:01:00.0921 3052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/23 10:01:01.0015 3052 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/23 10:01:01.0015 3052 ================================================================================ 2011/02/23 10:01:01.0015 3052 Scan finished 2011/02/23 10:01:01.0015 3052 ================================================================================ 2011/02/23 10:01:01.0046 2916 Detected object count: 1 2011/02/23 10:01:09.0796 2916 \HardDisk0 - will be cured after reboot 2011/02/23 10:01:09.0796 2916 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/23 10:01:14.0781 2680 Deinitialize success

It seems to be running better and I have not been re-directed to another website yet. 2011/02/23 09:21:39.0906 3140 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08 2011/02/23 09:21:40.0203 3140 ================================================================================ 2011/02/23 09:21:40.0203 3140 SystemInfo: 2011/02/23 09:21:40.0203 3140 2011/02/23 09:21:40.0203 3140 OS Version: 5.1.2600 ServicePack: 3.0 2011/02/23 09:21:40.0203 3140 Product type: Workstation 2011/02/23 09:21:40.0203 3140 ComputerName: SECRETARY 2011/02/23 09:21:40.0203 3140 UserName: INNEROFFICE 2011/02/23 09:21:40.0203 3140 Windows directory: C:\WINDOWS 2011/02/23 09:21:40.0203 3140 System windows directory: C:\WINDOWS 2011/02/23 09:21:40.0203 3140 Processor architecture: Intel x86 2011/02/23 09:21:40.0203 3140 Number of processors: 1 2011/02/23 09:21:40.0203 3140 Page size: 0x1000 2011/02/23 09:21:40.0203 3140 Boot type: Normal boot 2011/02/23 09:21:40.0203 3140 ================================================================================ 2011/02/23 09:21:41.0171 3140 Initialize success 2011/02/23 09:21:43.0500 1880 ================================================================================ 2011/02/23 09:21:43.0500 1880 Scan started 2011/02/23 09:21:43.0500 1880 Mode: Manual; 2011/02/23 09:21:43.0500 1880 ================================================================================ 2011/02/23 09:21:46.0234 1880 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/02/23 09:21:46.0531 1880 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/02/23 09:21:46.0593 1880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/02/23 09:21:46.0625 1880 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/02/23 09:21:46.0796 1880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/02/23 09:21:46.0890 1880 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/02/23 09:21:47.0015 1880 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/02/23 09:21:47.0109 1880 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/02/23 09:21:47.0203 1880 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/02/23 09:21:47.0328 1880 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/02/23 09:21:47.0468 1880 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/02/23 09:21:47.0687 1880 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/02/23 09:21:47.0875 1880 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/02/23 09:21:47.0984 1880 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/02/23 09:21:48.0046 1880 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/02/23 09:21:48.0250 1880 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/02/23 09:21:48.0390 1880 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/02/23 09:21:48.0515 1880 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/02/23 09:21:48.0687 1880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/02/23 09:21:48.0796 1880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/02/23 09:21:48.0859 1880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/02/23 09:21:48.0906 1880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/02/23 09:21:48.0968 1880 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/02/23 09:21:49.0187 1880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/02/23 09:21:49.0218 1880 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/02/23 09:21:49.0250 1880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/02/23 09:21:49.0312 1880 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/02/23 09:21:49.0500 1880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/02/23 09:21:49.0546 1880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/02/23 09:21:49.0593 1880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/02/23 09:21:49.0703 1880 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/02/23 09:21:49.0765 1880 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/02/23 09:21:49.0828 1880 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/02/23 09:21:49.0921 1880 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/02/23 09:21:50.0093 1880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/02/23 09:21:50.0171 1880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/02/23 09:21:50.0281 1880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/02/23 09:21:50.0312 1880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/02/23 09:21:50.0390 1880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/02/23 09:21:50.0437 1880 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/02/23 09:21:50.0500 1880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/02/23 09:21:50.0546 1880 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/02/23 09:21:50.0734 1880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/02/23 09:21:50.0796 1880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/02/23 09:21:50.0859 1880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/02/23 09:21:50.0953 1880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/02/23 09:21:51.0015 1880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/02/23 09:21:51.0062 1880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/02/23 09:21:51.0078 1880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/02/23 09:21:51.0171 1880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/02/23 09:21:51.0312 1880 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/02/23 09:21:51.0453 1880 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/02/23 09:21:51.0625 1880 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/02/23 09:21:51.0875 1880 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/02/23 09:21:52.0031 1880 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/02/23 09:21:52.0250 1880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/02/23 09:21:52.0343 1880 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/02/23 09:21:52.0406 1880 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/02/23 09:21:52.0453 1880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/02/23 09:21:52.0531 1880 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/02/23 09:21:52.0875 1880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/02/23 09:21:52.0968 1880 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/02/23 09:21:53.0109 1880 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/02/23 09:21:53.0187 1880 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/02/23 09:21:53.0250 1880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/02/23 09:21:53.0312 1880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/02/23 09:21:53.0406 1880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/02/23 09:21:53.0484 1880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/02/23 09:21:53.0515 1880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/02/23 09:21:53.0578 1880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/02/23 09:21:53.0656 1880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/02/23 09:21:53.0687 1880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/02/23 09:21:53.0718 1880 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/02/23 09:21:53.0765 1880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/02/23 09:21:53.0796 1880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/02/23 09:21:53.0937 1880 MfeAVFK (32bcd2aec12cee766b2488731a78127c) C:\WINDOWS\system32\drivers\MfeAVFK.sys 2011/02/23 09:21:54.0093 1880 MfeBOPK (963abf1a4d3a19206f7b059e5a1a190b) C:\WINDOWS\system32\drivers\MfeBOPK.sys 2011/02/23 09:21:54.0281 1880 mfehidk (586a07b1fa933c340d990419d6894d7a) C:\WINDOWS\system32\drivers\mfehidk.sys 2011/02/23 09:21:54.0453 1880 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys 2011/02/23 09:21:54.0687 1880 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys 2011/02/23 09:21:54.0859 1880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/02/23 09:21:54.0953 1880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/02/23 09:21:55.0000 1880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/02/23 09:21:55.0062 1880 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/02/23 09:21:55.0109 1880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/02/23 09:21:55.0156 1880 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/02/23 09:21:55.0281 1880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/02/23 09:21:55.0328 1880 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/02/23 09:21:55.0421 1880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/02/23 09:21:55.0484 1880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/02/23 09:21:55.0531 1880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/02/23 09:21:55.0609 1880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/02/23 09:21:55.0734 1880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/02/23 09:21:55.0765 1880 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/02/23 09:21:55.0796 1880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/02/23 09:21:55.0859 1880 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/02/23 09:21:55.0937 1880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/02/23 09:21:55.0968 1880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/02/23 09:21:56.0015 1880 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/02/23 09:21:56.0156 1880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/02/23 09:21:56.0234 1880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/02/23 09:21:56.0312 1880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/02/23 09:21:56.0406 1880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/02/23 09:21:56.0453 1880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/02/23 09:21:56.0578 1880 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/02/23 09:21:56.0703 1880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/02/23 09:21:56.0734 1880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/02/23 09:21:56.0796 1880 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys 2011/02/23 09:21:56.0984 1880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/02/23 09:21:57.0046 1880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/02/23 09:21:57.0109 1880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/02/23 09:21:57.0156 1880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/02/23 09:21:57.0218 1880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/02/23 09:21:57.0250 1880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/02/23 09:21:57.0406 1880 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/02/23 09:21:57.0593 1880 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/02/23 09:21:57.0734 1880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/02/23 09:21:57.0765 1880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/02/23 09:21:57.0796 1880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/02/23 09:21:57.0859 1880 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/02/23 09:21:57.0906 1880 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/02/23 09:21:57.0937 1880 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/02/23 09:21:57.0968 1880 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/02/23 09:21:58.0015 1880 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/02/23 09:21:58.0046 1880 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/02/23 09:21:58.0125 1880 QtsDongle (5c42769a326d3567727c430c31de5d24) C:\WINDOWS\system32\qtsusk.sys 2011/02/23 09:21:58.0515 1880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/02/23 09:21:58.0593 1880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/02/23 09:21:58.0671 1880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/02/23 09:21:58.0718 1880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/02/23 09:21:58.0796 1880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/02/23 09:21:58.0828 1880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/02/23 09:21:58.0859 1880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/02/23 09:21:58.0968 1880 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/02/23 09:21:59.0015 1880 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/02/23 09:21:59.0250 1880 sdcplh (b7ea2f12416693d2d9bffaaa5eff7037) C:\WINDOWS\system32\drivers\sdcplh.sys 2011/02/23 09:21:59.0406 1880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/02/23 09:21:59.0484 1880 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys 2011/02/23 09:21:59.0718 1880 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/02/23 09:21:59.0750 1880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/02/23 09:21:59.0796 1880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/02/23 09:21:59.0859 1880 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/02/23 09:21:59.0906 1880 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys 2011/02/23 09:21:59.0984 1880 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/02/23 09:22:00.0093 1880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/02/23 09:22:00.0140 1880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/02/23 09:22:00.0218 1880 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/02/23 09:22:00.0328 1880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/02/23 09:22:00.0359 1880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/02/23 09:22:00.0421 1880 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/02/23 09:22:00.0562 1880 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/02/23 09:22:00.0734 1880 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/02/23 09:22:00.0781 1880 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/02/23 09:22:00.0953 1880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/02/23 09:22:01.0031 1880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/02/23 09:22:01.0109 1880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/02/23 09:22:01.0187 1880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/02/23 09:22:01.0250 1880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/02/23 09:22:01.0343 1880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/02/23 09:22:01.0437 1880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/02/23 09:22:01.0515 1880 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/02/23 09:22:01.0703 1880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/02/23 09:22:01.0812 1880 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/02/23 09:22:01.0875 1880 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/02/23 09:22:01.0953 1880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/02/23 09:22:02.0000 1880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/02/23 09:22:02.0031 1880 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/02/23 09:22:02.0078 1880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/02/23 09:22:02.0109 1880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/02/23 09:22:02.0140 1880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/02/23 09:22:02.0187 1880 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/02/23 09:22:02.0203 1880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/02/23 09:22:02.0296 1880 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/02/23 09:22:02.0343 1880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/02/23 09:22:02.0390 1880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/02/23 09:22:02.0437 1880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/02/23 09:22:02.0484 1880 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/02/23 09:22:02.0734 1880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/02/23 09:22:02.0859 1880 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/02/23 09:22:02.0937 1880 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/02/23 09:22:02.0968 1880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/02/23 09:22:03.0046 1880 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/02/23 09:22:03.0046 1880 ================================================================================ 2011/02/23 09:22:03.0046 1880 Scan finished 2011/02/23 09:22:03.0046 1880 ================================================================================ 2011/02/23 09:22:03.0078 0564 Detected object count: 1 2011/02/23 09:22:16.0187 0564 \HardDisk0 - will be cured after reboot 2011/02/23 09:22:16.0187 0564 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/02/23 09:22:39.0968 0768 Deinitialize success

I have read thread after thread regarding this nasty virus. I have even been involved in removing it from another PC here in my office (sucessfully). Now, on my PC, I have tried Malwarebytes, Spybot, SUPERAntivirus, and out (Paid) McAfee Software to detect and remove this virus. I have been unsucessful. On Friday, I noticed that my PC was running slowly, but at that point I was not having any other trouble. I decided to run Malwarebytes to see if there were any problems and it found 683 threats. They were removed, and I followed up with running Spybot. It also found around 600 threats. Going back to the internet to test the computer, I started to receive pop up windows with ads and other windows so I shut down the PC down and tried running Malwarebytes and Spybot again. Each time I run any Malware or virus protection program, it finds more and more. At this point, I am not sure what to do. If anyone has advice, I would greatly appreciate the help. Thank you, Ashley