Viruus!

1

Viruus!

offline
  • Pridružio: 24 Jul 2011
  • Poruke: 9

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by User at 22:48:39 on 2011-07-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1788.1007 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Program Files\Windows Savevid MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
"C:\Windows\update.tray-7-0\svchost.exe"
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\sysdriver32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\ufa\ufa.exe
C:\Windows\system32\conhost.exe
C:\Users\User\AppData\Local\Temp\Rar$EX00.067\u1016.exe
"C:\Windows\update.tray-7-0-lnk\svchost.exe" tray 7-0 1
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/405
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wie833~1\toolbar\SearchquDx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wie833~1\datamngr\IEBHO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wie833~1\toolbar\SearchquDx.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DATAMNGR] c:\progra~1\wie833~1\datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-7-0\svchost.exe
mRun: [tray_ico1]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [9696637.exe] "c:\windows\temp\9696637.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [6665623.exe] "c:\users\user\appdata\local\temp\6665623.exe"
mRun: [7126010.exe] "c:\windows\temp\7126010.exe"
mRun: [2547372.exe] "c:\windows\temp\2547372.exe"
mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe"
mRun: [57258704-loader2.exe] "c:\windows\temp\57258704-loader2.exe"
mRun: [systemup] "c:\windows\systemup.exe" stand
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A0462CC-D7A9-4014-843D-1B854B5A1036} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\4465F42594354554 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\4716B6F667F6D277966696 : DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\553707F6E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\B67677966696D2A7F6E656 : DhcpNameServer = 192.168.13.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\wie833~1\datamngr\datamngr.dll c:\progra~1\wie833~1\datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\1p1d8zpb.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=405&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\windows savevid mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-3-2 8192]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-3-2 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-2 280168]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2011-3-2 841248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-07-24 16:23:33 -------- d-----w- c:\windows\ufa
2011-07-24 16:23:33 -------- d-----w- c:\windows\rpcminer
2011-07-24 16:23:33 -------- d-----w- c:\windows\phoenix
2011-07-24 16:20:30 114176 ----a-w- c:\windows\systemup.exe
2011-07-24 16:19:50 -------- d--h--w- c:\windows\update.5.0
2011-07-24 16:19:43 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-24 16:18:57 -------- d--h--w- c:\windows\update.2
2011-07-24 16:18:25 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 16:16:59 247296 ----a-w- c:\windows\sysdriver32_.exe
2011-07-24 16:16:45 247296 ----a-w- c:\windows\sysdriver32.exe
2011-07-24 16:16:37 -------- d-----w- c:\windows\av_ico
2011-07-24 16:15:27 -------- d--h--w- c:\windows\update.1
2011-07-24 16:15:24 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 16:15:24 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 16:05:52 1174016 ----a-w- c:\windows\services32.exe
2011-07-22 12:28:26 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f7527f-7a76-4b76-bc26-ab6f6b2b6a64}\mpengine.dll
2011-07-17 20:20:36 1170432 ----a-w- c:\users\user\Flash-Player.exe
2011-07-17 18:59:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-17 18:59:17 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-07-17 18:59:16 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-28 18:54:20 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 18:54:16 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 18:54:16 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 18:54:16 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 18:54:16 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 18:54:16 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 18:54:16 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 18:54:16 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 18:54:16 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 18:54:16 1401344 ----a-w- c:\windows\system32\mssrch.dll
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 22:48:58.27 ===============

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav nebojsabujos!









Arrow


Detaljno procitaj Uputstvo za otvaranje teme u Ambulanti: LINK



Potrebno je da opises problem koji imas i potrebno je da postavis izvestaje koji fale: Attach (kada si pokrenuo DDS dobio si dva izvestaja - ti si okacio samo jedan) i GMER/RR izvestaje.







goran9888 (AMF Tim)

offline
  • Pridružio: 24 Jul 2011
  • Poruke: 9

ne mogu da pristupim facebooku sa svog racunara, pokazuje mi gresku... primao sam poruke sadrzaja hi, how are you,juce i nakon toga mi je reagovao antivirus... sa mog profila salje poruke iste sadrzine...Prvo sam se obratio vama, adsl konekcija. nisam menjao sifru

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by User at 15:52:32 on 2011-07-25
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1788.965 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\srvany.exe
C:\Windows\KMService.exe
C:\Windows\system32\conhost.exe
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Program Files\Windows Savevid MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
"C:\Windows\update.tray-7-0\svchost.exe"
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\sysdriver32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\update.1\svchost.exe srv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\ufa\ufa.exe
C:\Windows\system32\conhost.exe
"C:\Windows\update.tray-7-0-lnk\svchost.exe" tray 7-0 1
C:\Windows\system32\atibtmon.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/405
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wie833~1\toolbar\SearchquDx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wie833~1\datamngr\IEBHO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wie833~1\toolbar\SearchquDx.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DATAMNGR] c:\progra~1\wie833~1\datamngr\DATAMN~1.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-7-0\svchost.exe
mRun: [tray_ico1]
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [9696637.exe] "c:\windows\temp\9696637.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [6665623.exe] "c:\users\user\appdata\local\temp\6665623.exe"
mRun: [7126010.exe] "c:\windows\temp\7126010.exe"
mRun: [2547372.exe] "c:\windows\temp\2547372.exe"
mRun: [l1rezerv.exe] "c:\windows\l1rezerv.exe"
mRun: [57258704-loader2.exe] "c:\windows\temp\57258704-loader2.exe"
mRun: [systemup] "c:\windows\systemup.exe" stand
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1A0462CC-D7A9-4014-843D-1B854B5A1036} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\4465F42594354554 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\4716B6F667F6D277966696 : DhcpNameServer = 89.216.1.40 89.216.1.50
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\553707F6E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{298E5D37-33E3-4B52-AF0E-9ED9C4256C17}\B67677966696D2A7F6E656 : DhcpNameServer = 192.168.13.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\wie833~1\datamngr\datamngr.dll c:\progra~1\wie833~1\datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\1p1d8zpb.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=405&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\windows savevid mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\np-mswmp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-3-2 8192]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-3-2 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-2 280168]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2011-3-2 841248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-07-24 16:23:33 -------- d-----w- c:\windows\ufa
2011-07-24 16:23:33 -------- d-----w- c:\windows\rpcminer
2011-07-24 16:23:33 -------- d-----w- c:\windows\phoenix
2011-07-24 16:20:30 114176 ----a-w- c:\windows\systemup.exe
2011-07-24 16:19:50 -------- d--h--w- c:\windows\update.5.0
2011-07-24 16:19:43 232960 ----a-w- c:\windows\l1rezerv.exe
2011-07-24 16:18:57 -------- d--h--w- c:\windows\update.2
2011-07-24 16:18:25 246272 ----a-w- c:\windows\unrar.exe
2011-07-24 16:16:59 247296 ----a-w- c:\windows\sysdriver32_.exe
2011-07-24 16:16:45 247296 ----a-w- c:\windows\sysdriver32.exe
2011-07-24 16:16:37 -------- d-----w- c:\windows\av_ico
2011-07-24 16:15:27 -------- d--h--w- c:\windows\update.1
2011-07-24 16:15:24 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-24 16:15:24 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-24 16:05:52 1174016 ----a-w- c:\windows\services32.exe
2011-07-22 12:28:26 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f7527f-7a76-4b76-bc26-ab6f6b2b6a64}\mpengine.dll
2011-07-17 20:20:36 1170432 ----a-w- c:\users\user\Flash-Player.exe
2011-07-17 18:59:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-17 18:59:17 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-07-17 18:59:16 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-28 18:54:20 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 18:54:16 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 18:54:16 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 18:54:16 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 18:54:16 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 18:54:16 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 18:54:16 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 18:54:16 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 18:54:16 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 18:54:16 1401344 ----a-w- c:\windows\system32\mssrch.dll
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-03 06:01:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 05:56:57 271872 ----a-w- c:\windows\system32\conhost.exe
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 04:30:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:46:33 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:46:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:46:10 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:17:36 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:17:28 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 02:17:22 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 15:52:56.64 ===============


mycity.rs/must-login.png


mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.

Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------




Arrow


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.










goran9888 (AMF Tim)

offline
  • Pridružio: 24 Jul 2011
  • Poruke: 9

ComboFix 11-07-25.02 - User 25-Jul-11 18:01:24.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1788.1159 [GMT 2:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0C5BA898-90DE-4E2E-BA67-8AA13772BCFB}.xps
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\.#searchqutb.js.1.3
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data\search\engines.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\data\search\search.xsl
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\about.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\dtxpanelwin.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\dtxprefwin.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\dtxwin.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\emailnotifierproviders.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\external.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\neterror.xhtml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\lib\wmpstreamer.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\modules\datastore.jsm
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\preferences.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\searchqutb.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.htm
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\toolbar.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\bluelite.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\bluesky.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn-search-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn-search.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn-settings-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn-settings.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn-widgets-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn-widgets.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\btn_settings.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-down-back-ff.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-down-back.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-down-left.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-down-right.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-down-splitter.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-drop-back.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-drop-left.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-drop-right.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-drop-splitter.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-hover-back-ff.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-hover-back.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-hover-left.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-hover-right.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\button-hover-splitter.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\ca.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\dictionary.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\divider.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\downloadcom.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\email.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\email_on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\games.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\graphred0.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\graphred0_5.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\grey.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\headsup.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\ico-shield.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\images.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\add.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\aol.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\arrow-dn.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\arrow-right.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\arrow-up.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btn-end.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btn-mdl.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btn-mdl_ff.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btn-start.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btnover-end.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btnover-mdl.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\bg-btnover-start.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\blank.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\btnback-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\btnback-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\btnleft-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\btnleft-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\btnright-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\btnright-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\button-splitter-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\button-splitter-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\checkmark.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\chevron.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\collapse.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\comcast.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\dtx.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\edit-back-hot.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\edit-back.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\expand.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\found.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\gmail.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\highlight.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\highlight_blue.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\highlight_cyan.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\highlight_lime.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\highlight_magenta.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\highlight_yellow.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\hotmail.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\imap.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\lastsearch-thumb-back.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\loadingMid.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\lock.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\mailcom.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menu_bg-basic.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menu_separator_bar.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitem-splitter.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitemback-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitemback-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitemleft-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitemleft-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitemright-down-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\menuitemright-vista.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\move.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\movetarget.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\css\popupAbout.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\css\popupGames.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\css\popupWidgets.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\footer.htm
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\gamecategory.xsl
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\gameData.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\gameList.xsl
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\gametype.xsl
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\arrow-sml.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\bg-btnover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-close-grey.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-drag.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-next-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-next.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-previous-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-previous.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\gamethumb-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\ico-calendar.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\ico-download.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\ico-joystick24.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\ico-play.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\ico-tags.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\icon-Add.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\icon-download.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\icon-Info.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\icon-play.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\icon-shop.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\menul-bgon.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\menul-bgover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scroll-bg.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scroll-topwin.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollb-disable.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollb-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollb-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollb.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollt-disable.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollt-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollt-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\scrollt.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\star_x_grey.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\star_x_orange.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\view-detailed-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\view-detailed-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\view-thumb-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\view-thumb-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\popupGames.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\panels\popupWidgets.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\pop.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\css\manager.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\css\slider.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\bg-pnl.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\btn-close-grey.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\collapsed_button.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\expanded_button.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\ico-playstation.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\ico-radio.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\music-note.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-btn-play.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-eq-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-options-design.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-options-on.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-options.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-volume-0.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-volume-1.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-volume-2.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-volume-3.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\scrollbar-track.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\slider.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\slideron.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\images\track.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\managerpanel.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\radio\volumeslider.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\remove.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\rename.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\resize-box.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\rss.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\rsschannelback.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\RSSLogo.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\rsstabdivider.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\scroll-left.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\scroll-right.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\search-go.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\search.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\text-ellipsis.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\throbber.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\toolbarsplitter.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\transparent_1px.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_02.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_03.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_04.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_06.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_07.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_08.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_09.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_10.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_11.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_12.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_13.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_14.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_15.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_16.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_18.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_19.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_20.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\border_21.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\btn-close-grey.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\btn-close-greyover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\close-hot.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\close-normal.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\loadingMid.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\proxy.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\template.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\template.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\templateFF.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\uwa\throbber.gif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons\na.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\icons\weather.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}\chrome\skin\lib\yahoo.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\extensions\{7FF99715-3016-4

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Sadrzaj izvestaja nije mogao da stane u jednu poruku.


Okaci mi, opcijom Prikacij fajl uz poruku, ComboFix izvestaj da pogledam (lokacija izvestaja: C:\ComboFix.txt).










goran9888 (AMF Tim)

offline
  • Pridružio: 24 Jul 2011
  • Poruke: 9

mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Arrow Korak 1



Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

DDS::
uStart Page = hxxp://www.searchqu.com/405

Firefox::
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1p1d8zpb.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=405&q=


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Arrow Korak 2


Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).



Arrow


Reinstaliraj Avast Anti-Virus. Link za download besplatne verzije: http://www.avast.com/free-antivirus-download








goran9888 (AMF Tim)

offline
  • Pridružio: 24 Jul 2011
  • Poruke: 9

mycity.rs/must-login.png

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7279

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26-Jul-11 13:25:47
mbam-log-2011-07-26 (13-25-47).txt

Scan type: Quick scan
Objects scanned: 150544
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Jesi li reinstalirao Avast? Koliko vidim, nisi. Odradi taj korak jer nemas aktivan AV na sistemu.





- Promeni sifru na Facebook nalogu i email-u (preporucuje se da promenis sifre na svim tebi vaznim forumima/sajtovima)





Arrow


- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save scrambled log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.




----------------------------------------------




- Kakvo je sada stanje sistema?







goran9888 (AMF Tim)

Ko je trenutno na forumu
 

Ukupno su 1300 korisnika na forumu :: 31 registrovanih, 2 sakrivenih i 1267 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 9k38, amaterSRB, antonije64, Batinas, bojank, bokisha253, Boris90, Dimitrije Paunovic, DonRumataEstorski, drimer, Fabius, Georgius, gorval, JimmyNapoli, Kibice, kihot, kuntalo, Leonov, Mcdado, milenko crazy north, milutin134, novator, sasa87, shadower78, Skywhaler, Srky Boy, stegonosa, Toper, Trpe Grozni, vasa.93, vathra