Firefox search engines keep redirecting


  • This topic is locked
14 replies to this topic

#1 SPSDUDE


Posted 18 September 2011 - 06:43 PM

Firefox has been hijacked with malware. We use Norton's Security Suite. The firewall and virus scan are all working. This malware or virus appears to only be affecting Firefox and not IE. It appears that the only issue is the search engine redirect. A review of the log shows the virus is changing about every minute.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by RoseyB at 13:52:20 on 2011-09-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.2057 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Postbox Express\postbox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {0cf7685e-757d-4b78-84c0-713a40e92c2f} - C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\RoseyB\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\RoseyB\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{E7490A99-8BD1-40F5-B707-37E22507E905} : DhcpNameServer = 68.87.69.150 68.87.85.102
C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Toolbar - Big Fish Games: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
BHO-X64: Toolbar - Big Fish Games - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
TB-X64: Toolbar - Big Fish Games: {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe" -u auto-update
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor=
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency.dll
FF - component: C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency3.5.dll
FF - component: C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}\components\dtTransparency3.6.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF - Ext: XUL Cache: {d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a} - %profile%\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}
FF - Ext: Toolbar - Big Fish Games: {6847DFAE-037A-400c-A524-27F0A281B692} - %profile%\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110917.031\IDSviA64.sys [2011-9-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-22 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-3-9 126392]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-22 705856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-10 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-16 18:38:55 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-09-16 18:33:34 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-09-16 18:24:42 -------- d-----w- C:\ProgramData\Hitman Pro
2011-09-13 00:55:08 -------- d-----w- C:\Users\RoseyB\AppData\Roaming\Vast Studios
2011-09-13 00:54:18 -------- d-----w- C:\Program Files (x86)\Cursed Memories - The Secret of Agony Creek Collector's Edition
2011-09-12 03:30:35 161736 ----a-w- C:\Program Files (x86)\14res.dll
2011-09-11 04:26:39 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-09-11 02:21:02 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-11 02:18:16 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-09-11 02:18:07 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-09-02 16:24:03 -------- d-----w- C:\Users\RoseyB\AppData\Roaming\Gamers Digital
2011-09-02 16:24:03 -------- d-----w- C:\ProgramData\Gamers Digital
2011-09-02 16:23:21 -------- d-----w- C:\Program Files (x86)\Real Crimes - Jack the Ripper
2011-09-02 16:14:03 -------- d-----w- C:\Program Files (x86)\bfgbartb
2011-08-29 02:38:49 -------- d-----w- C:\Users\RoseyB\AppData\Roaming\Vogat Interactive
2011-08-29 02:38:02 -------- d-----w- C:\Program Files (x86)\FACES
2011-08-23 21:42:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-23 21:42:07 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 14:55:55 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
.
============= FINISH: 13:52:57.50 =============



#2 thcbytes


Posted 18 September 2011 - 08:40 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

If your topic is not replied to after 5 days, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Lavasoft or Norton.

==========



Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Right click it and run as admin & follow the prompts.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Still redirected?

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#3 SPSDUDE


Posted 22 September 2011 - 10:14 AM

ComboFix 11-09-21.04 - RoseyB 09/22/2011 7:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1838 [GMT -7:00]
Running from: c:\users\RoseyB\Documents\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TotalRecipeSearch_14EI
c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}
c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}\chrome.manifest
c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}\chrome\xulcache.jar
c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}\defaults\preferences\xulcache.js
c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
.
.
2011-09-22 15:01 . 2011-09-22 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 22:17 . 2011-09-21 22:17 -------- d-----w- c:\programdata\BC Soft Games
2011-09-21 22:17 . 2011-09-21 22:17 -------- d-----w- c:\program files (x86)\The Magicians Handbook - Cursed Valley
2011-09-16 18:38 . 2011-09-16 18:38 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-16 18:33 . 2011-09-18 14:57 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-16 18:24 . 2011-09-16 18:32 -------- d-----w- c:\programdata\Hitman Pro
2011-09-13 00:55 . 2011-09-13 00:55 -------- d-----w- c:\users\RoseyB\AppData\Roaming\Vast Studios
2011-09-13 00:54 . 2011-09-13 00:54 -------- d-----w- c:\program files (x86)\Cursed Memories - The Secret of Agony Creek Collector's Edition
2011-09-12 03:30 . 2011-06-24 17:56 161736 ----a-w- c:\program files (x86)\14res.dll
2011-09-11 04:26 . 2011-09-11 02:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-11 02:21 . 2011-09-11 02:21 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-11 02:18 . 2011-08-18 22:25 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-11 02:18 . 2011-09-11 02:18 -------- d-----w- c:\program files (x86)\Lavasoft
2011-09-11 02:18 . 2011-09-11 02:18 -------- d-----w- c:\programdata\Lavasoft
2011-09-02 16:24 . 2011-09-02 16:24 -------- d-----w- c:\users\RoseyB\AppData\Roaming\Gamers Digital
2011-09-02 16:24 . 2011-09-02 16:24 -------- d-----w- c:\programdata\Gamers Digital
2011-09-02 16:23 . 2011-09-02 16:23 -------- d-----w- c:\program files (x86)\Real Crimes - Jack the Ripper
2011-09-02 16:14 . 2011-09-02 16:14 -------- d-----w- c:\program files (x86)\bfgbartb
2011-08-29 02:38 . 2011-08-29 02:38 -------- d-----w- c:\users\RoseyB\AppData\Roaming\Vogat Interactive
2011-08-29 02:38 . 2011-08-29 02:38 -------- d-----w- c:\program files (x86)\FACES
2011-08-23 21:42 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 21:42 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 05:35 . 2011-08-10 12:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 12:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-10 12:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 12:22 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 12:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 12:22 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 12:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 12:22 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 12:22 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 12:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 12:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 12:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 12:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 12:22 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 12:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 12:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 12:22 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44 . 2011-08-10 12:22 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2010-05-14 237800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
.
c:\users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110921.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-11 2151640]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-09-11 17152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.excite.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF - Ext: Toolbar - Big Fish Games: {6847DFAE-037A-400c-A524-27F0A281B692} - %profile%\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0CF7685E-757D-4B78-84C0-713A40E92C2f} - c:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2011-09-22 08:09:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-22 15:09
.
Pre-Run: 431,111,557,120 bytes free
Post-Run: 430,775,676,928 bytes free
.
- - End Of File - - A59EC2A227C22FE30BCE0751D2C66070

#4 thcbytes

Posted 22 September 2011 - 09:29 PM

Are you still redirected? Did you uninstall one of the AV's as I suggested?

==========

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

http://www.bleepingcomputer.com/forums/topic419506.html/page__pid__2416390#entry2416390

Suspect::[89]
c:\program files (x86)\14res.dll

DirLook::
c:\users\Default\AppData\Local\temp
c:\program files (x86)\bfgbartb

DDS::
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor=


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please go to start => Run => Copy and paste the bold line in the run-box and click OK:

"C:\Qoobox\Add-Remove Programs.txt"

A text file opens up, copy and paste the content to your reply.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#5 SPSDUDE

Posted 25 September 2011 - 10:03 AM

I did uninstall Lavasoft, though it wasn't installed until after the problems started. As of right now Firefox is working with no redirects and has been for the last day. I have not performed this last step. Do you still want me to do that step or are we good at this point unless it starts doing it again?
Thanks

#6 thcbytes

Posted 25 September 2011 - 10:36 AM

We are not done. Please follow my instructions exactly as I have outlined above. Please try to reply in a timely fashion as others await my voluntary assistance too.

#7 SPSDUDE

Posted 26 September 2011 - 07:34 AM

ComboFix 11-09-21.04 - RoseyB 09/26/2011 5:18.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.2055 [GMT -7:00]
Running from: c:\users\RoseyB\Desktop\ComboFix.exe
Command switches used :: c:\users\RoseyB\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-26 12:23 . 2011-09-26 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-21 22:17 . 2011-09-21 22:17 -------- d-----w- c:\programdata\BC Soft Games
2011-09-21 22:17 . 2011-09-21 22:17 -------- d-----w- c:\program files (x86)\The Magicians Handbook - Cursed Valley
2011-09-16 18:38 . 2011-09-16 18:38 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-16 18:33 . 2011-09-22 15:09 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-16 18:24 . 2011-09-16 18:32 -------- d-----w- c:\programdata\Hitman Pro
2011-09-13 00:55 . 2011-09-13 00:55 -------- d-----w- c:\users\RoseyB\AppData\Roaming\Vast Studios
2011-09-13 00:54 . 2011-09-13 00:54 -------- d-----w- c:\program files (x86)\Cursed Memories - The Secret of Agony Creek Collector's Edition
2011-09-12 03:30 . 2011-06-24 17:56 161736 ------w- c:\program files (x86)\14res.dll
2011-09-11 02:21 . 2011-09-11 02:21 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-11 02:18 . 2011-09-24 17:51 -------- d-----w- c:\programdata\Lavasoft
2011-09-02 16:24 . 2011-09-02 16:24 -------- d-----w- c:\users\RoseyB\AppData\Roaming\Gamers Digital
2011-09-02 16:24 . 2011-09-02 16:24 -------- d-----w- c:\programdata\Gamers Digital
2011-09-02 16:23 . 2011-09-02 16:23 -------- d-----w- c:\program files (x86)\Real Crimes - Jack the Ripper
2011-09-02 16:14 . 2011-09-02 16:14 -------- d-----w- c:\program files (x86)\bfgbartb
2011-08-29 02:38 . 2011-08-29 02:38 -------- d-----w- c:\users\RoseyB\AppData\Roaming\Vogat Interactive
2011-08-29 02:38 . 2011-08-29 02:38 -------- d-----w- c:\program files (x86)\FACES
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 05:35 . 2011-08-10 12:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 12:22 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-10 12:22 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 12:22 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 12:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 12:22 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 12:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 12:22 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 12:22 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 12:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 12:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 12:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 12:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 12:22 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 12:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 12:22 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 12:22 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 12:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-23 21:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-23 21:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-10 12:22 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\bfgbartb ----
.
2011-07-13 20:36 . 2011-07-13 20:36 167016 ----a-w- c:\program files (x86)\bfgbartb\uninstall.exe
2011-07-13 20:36 . 2011-07-13 20:36 86696 ----a-w- c:\program files (x86)\bfgbartb\BfgBarDx.dll
2011-07-13 20:36 . 2011-07-13 20:36 447144 ----a-w- c:\program files (x86)\bfgbartb\BfgBarTb.dll
2011-07-13 20:18 . 2011-07-13 20:18 710 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\toolbar.htm
2011-07-13 20:18 . 2011-07-13 20:18 412345 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\external.js
2011-07-13 20:18 . 2011-07-13 20:18 413300 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\toolbar.xul
2011-07-13 20:18 . 2011-07-13 20:18 20936 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\dtx.css
2011-07-11 18:54 . 2011-07-11 18:54 777 ----a-w- c:\program files (x86)\bfgbartb\manifest.xml
2011-07-11 17:23 . 2011-07-11 17:23 42640 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\bfgbar.js
2011-06-30 15:31 . 2011-06-30 15:31 2161 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\videoPreview.html
2011-06-30 15:01 . 2011-06-30 15:01 512 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\preferences.xml
2011-05-25 19:23 . 2011-05-25 19:23 1702 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\popupMenu.css
2011-05-13 06:03 . 2011-05-13 06:03 4827 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\about.xml
2011-05-13 06:03 . 2011-05-13 06:03 573 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\dtxpanel.xul
2011-05-13 06:03 . 2011-05-13 06:03 653 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\dtxpaneltransparent.xul
2011-05-13 06:03 . 2011-05-13 06:03 407 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\dtxpanelwin.xul
2011-05-13 06:03 . 2011-05-13 06:03 307 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\dtxprefwin.xul
2011-05-13 06:03 . 2011-05-13 06:03 626 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\dtxtransparentwin.xul
2011-05-13 06:03 . 2011-05-13 06:03 387 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\dtxwin.xul
2011-05-13 06:03 . 2011-05-13 06:03 344 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\lib\neterror.xhtml
2011-05-13 06:03 . 2011-05-13 06:03 3820 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\modules\datastore.jsm
2011-05-13 06:03 . 2011-05-13 06:03 22187 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\modules\nsDragAndDrop.js
2011-05-13 06:03 . 2011-05-13 06:03 14651 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\popupWidgets.html
2011-05-13 06:03 . 2011-05-13 06:03 907 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\css\popupAbout.css
2011-05-13 06:03 . 2011-05-13 06:03 9698 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\css\popupWidgets.css
2011-05-13 06:03 . 2011-05-13 06:03 2749 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\main.html
2011-05-13 06:03 . 2011-05-13 06:03 3162 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\css\dialog.css
2011-05-13 06:03 . 2011-05-13 06:03 8005 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\bg.gif
2011-05-13 06:03 . 2011-05-13 06:03 873 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
2011-05-13 06:03 . 2011-05-13 06:03 857 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\btn-wide-close.png
2011-05-13 06:03 . 2011-05-13 06:03 867 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\default.png
2011-05-13 06:03 . 2011-05-13 06:03 49 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\transparent.gif
2011-05-13 06:03 . 2011-05-13 06:03 204 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\win-btm-left.png
2011-05-13 06:03 . 2011-05-13 06:03 118 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\win-btm-mdl.png
2011-05-13 06:03 . 2011-05-13 06:03 214 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
2011-05-13 06:03 . 2011-05-13 06:03 205 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\images\win-btm-right.png
2011-05-13 06:03 . 2011-05-13 06:03 3270 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\default\scripts\defscript.js
2011-05-13 06:03 . 2011-05-13 06:03 188 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\arrow-sml-drop.png
2011-05-13 06:03 . 2011-05-13 06:03 211 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\arrow-sml.png
2011-05-13 06:03 . 2011-05-13 06:03 205 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\arrowr-bluew5.png
2011-05-13 06:03 . 2011-05-13 06:03 2526 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\bg-aboutbox.png
2011-05-13 06:03 . 2011-05-13 06:03 179 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\bg-btnover.png
2011-05-13 06:03 . 2011-05-13 06:03 3335 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\bg-pnl520x390.png
2011-05-13 06:03 . 2011-05-13 06:03 1622 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
2011-05-13 06:03 . 2011-05-13 06:03 1643 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
2011-05-13 06:03 . 2011-05-13 06:03 1147 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
2011-05-13 06:03 . 2011-05-13 06:03 283 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-close-grey.png
2011-05-13 06:03 . 2011-05-13 06:03 457 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-close-greyover.png
2011-05-13 06:03 . 2011-05-13 06:03 486 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-drag.png
2011-05-13 06:03 . 2011-05-13 06:03 1032 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-mdl-over.png
2011-05-13 06:03 . 2011-05-13 06:03 1033 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-mdl.png
2011-05-13 06:03 . 2011-05-13 06:03 442 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-next-over.png
2011-05-13 06:03 . 2011-05-13 06:03 471 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-next.png
2011-05-13 06:03 . 2011-05-13 06:03 440 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-previous-over.png
2011-05-13 06:03 . 2011-05-13 06:03 476 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-previous.png
2011-05-13 06:03 . 2011-05-13 06:03 1145 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-right-over.png
2011-05-13 06:03 . 2011-05-13 06:03 3452 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
2011-05-13 06:03 . 2011-05-13 06:03 916 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
2011-05-13 06:03 . 2011-05-13 06:03 2549 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\gamethumb-on.png
2011-05-13 06:03 . 2011-05-13 06:03 566 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\ico-calendar.png
2011-05-13 06:03 . 2011-05-13 06:03 692 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\ico-download.png
2011-05-13 06:03 . 2011-05-13 06:03 209 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\ico-tags.png
2011-05-13 06:03 . 2011-05-13 06:03 228 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\icon-Add.png
2011-05-13 06:03 . 2011-05-13 06:03 218 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\icon-Info.png
2011-05-13 06:03 . 2011-05-13 06:03 179 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\menul-bgon.png
2011-05-13 06:03 . 2011-05-13 06:03 168 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\menul-bgover.png
2011-05-13 06:03 . 2011-05-13 06:03 448 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\panel-botm-noscroll.png
2011-05-13 06:03 . 2011-05-13 06:03 663 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scroll-bg-206.png
2011-05-13 06:03 . 2011-05-13 06:03 663 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scroll-bg.png
2011-05-13 06:03 . 2011-05-13 06:03 951 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scroll-topwin.png
2011-05-13 06:03 . 2011-05-13 06:03 1063 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollb-disable.png
2011-05-13 06:03 . 2011-05-13 06:03 1105 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollb-down.png
2011-05-13 06:03 . 2011-05-13 06:03 1102 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollb-over.png
2011-05-13 06:03 . 2011-05-13 06:03 1118 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollb.png
2011-05-13 06:03 . 2011-05-13 06:03 832 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollt-disable.png
2011-05-13 06:03 . 2011-05-13 06:03 864 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollt-down.png
2011-05-13 06:03 . 2011-05-13 06:03 892 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollt-over.png
2011-05-13 06:03 . 2011-05-13 06:03 893 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\scrollt.png
2011-05-13 06:03 . 2011-05-13 06:03 532 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
2011-05-13 06:03 . 2011-05-13 06:03 328 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\star_x_grey.png
2011-05-13 06:03 . 2011-05-13 06:03 367 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\star_x_orange.png
2011-05-13 06:03 . 2011-05-13 06:03 5528 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\TRUSTe_about.png
2011-05-13 06:03 . 2011-05-13 06:03 496 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\view-detailed-on.png
2011-05-13 06:03 . 2011-05-13 06:03 451 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\view-detailed-over.png
2011-05-13 06:03 . 2011-05-13 06:03 402 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\view-thumb-on.png
2011-05-13 06:03 . 2011-05-13 06:03 380 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\view-thumb-over.png
2011-05-13 06:03 . 2011-05-13 06:03 690 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\widgets-square-16px.png
2011-05-13 06:03 . 2011-05-13 06:03 1097 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\panels\images\widgets-square-24px.png
2011-05-13 06:03 . 2011-05-13 06:03 248 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_02.png
2011-05-13 06:03 . 2011-05-13 06:03 218 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_03.png
2011-05-13 06:03 . 2011-05-13 06:03 293 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_04.png
2011-05-13 06:03 . 2011-05-13 06:03 316 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_06.png
2011-05-13 06:03 . 2011-05-13 06:03 254 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_07.png
2011-05-13 06:03 . 2011-05-13 06:03 328 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_08.png
2011-05-13 06:03 . 2011-05-13 06:03 288 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_09.png
2011-05-13 06:03 . 2011-05-13 06:03 250 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_10.png
2011-05-13 06:03 . 2011-05-13 06:03 284 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_11.png
2011-05-13 06:03 . 2011-05-13 06:03 173 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_12.png
2011-05-13 06:03 . 2011-05-13 06:03 277 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_13.png
2011-05-13 06:03 . 2011-05-13 06:03 270 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_14.png
2011-05-13 06:03 . 2011-05-13 06:03 344 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_15.png
2011-05-13 06:03 . 2011-05-13 06:03 278 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_16.png
2011-05-13 06:03 . 2011-05-13 06:03 312 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_18.png
2011-05-13 06:03 . 2011-05-13 06:03 299 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_19.png
2011-05-13 06:03 . 2011-05-13 06:03 287 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_20.png
2011-05-13 06:03 . 2011-05-13 06:03 300 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\border_21.png
2011-05-13 06:03 . 2011-05-13 06:03 263 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\btn-close-grey.png
2011-05-13 06:03 . 2011-05-13 06:03 444 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\btn-close-greyover.png
2011-05-13 06:03 . 2011-05-13 06:03 579 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\close-hot.png
2011-05-13 06:03 . 2011-05-13 06:03 585 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\close-normal.png
2011-05-13 06:03 . 2011-05-13 06:03 7823 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\loadingMid.gif
2011-05-13 06:03 . 2011-05-13 06:03 354 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\proxy.html
2011-05-13 06:03 . 2011-05-13 06:03 7617 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\template.html
2011-05-13 06:03 . 2011-05-13 06:03 810 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\template.xml
2011-05-13 06:03 . 2011-05-13 06:03 6198 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\templateFF.html
2011-05-13 06:03 . 2011-05-13 06:03 825 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\uwa\throbber.gif
2011-04-21 21:24 . 2011-04-21 21:24 17680 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\popupMenu.js
2011-03-30 21:23 . 2011-03-30 21:23 19575 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\search\engines.xml
2011-03-16 19:22 . 2011-03-16 19:22 2046 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\aboutBox.xml
2011-03-15 14:49 . 2011-03-15 14:49 3177 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\topgames.xsl
2011-03-11 21:13 . 2011-03-11 21:13 8916 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\popupMenu.html
2011-01-10 23:07 . 2011-01-10 23:07 825 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\throbber.gif
2010-10-18 19:32 . 2010-10-18 19:32 5968 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\bfgbar.css
2010-09-10 17:35 . 2010-09-10 17:35 5499 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\icon_install_32x32.png
2010-09-09 21:12 . 2010-09-09 21:12 1795 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\search\search.xsl
2010-09-03 18:10 . 2010-09-03 18:10 8066 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\logo-about.png
2010-08-26 14:01 . 2010-08-26 14:01 1960 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnMyGames-st.png
2010-08-18 19:16 . 2010-08-18 19:16 8590 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\cache.js
2010-08-16 17:16 . 2010-08-16 17:16 657 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\icon_bfg_web.png
2010-08-16 17:16 . 2010-08-16 17:16 347 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\web.png
2010-08-13 21:06 . 2010-08-13 21:06 1991 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-settings-over.png
2010-08-13 21:06 . 2010-08-13 21:06 1944 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-settings.png
2010-08-13 16:56 . 2010-08-13 16:56 3601 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-search-over.png
2010-08-13 14:24 . 2010-08-13 14:24 3597 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-search.png
2010-08-12 13:49 . 2010-08-12 13:49 2836 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-body-FF.png
2010-08-12 13:49 . 2010-08-12 13:49 1085 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-body-FF.png
2010-08-12 13:47 . 2010-08-12 13:47 87 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\toolbar-bg.gif
2010-08-05 18:58 . 2010-08-05 18:58 2270 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\alert-newreleases.png
2010-08-05 18:58 . 2010-08-05 18:58 2280 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\alert-offers.png
2010-08-05 18:58 . 2010-08-05 18:58 2004 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\alert-topgames.png
2010-08-05 18:58 . 2010-08-05 18:58 205 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-body-IE.png
2010-08-05 18:58 . 2010-08-05 18:58 375 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-left.png
2010-08-05 18:58 . 2010-08-05 18:58 376 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-right.png
2010-08-05 18:58 . 2010-08-05 18:58 178 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-body-IE.png
2010-08-05 18:58 . 2010-08-05 18:58 290 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-left.png
2010-08-05 18:58 . 2010-08-05 18:58 284 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-right.png
2010-08-05 18:58 . 2010-08-05 18:58 1886 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\icon-newreleases.png
2010-08-05 18:58 . 2010-08-05 18:58 1934 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\icon-offers.png
2010-08-05 18:58 . 2010-08-05 18:58 1474 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\icon-topgames.png
2010-07-30 17:29 . 2010-07-30 17:29 1033 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnTopGames-st.png
2010-07-07 20:21 . 2010-07-07 20:21 9062 ----a-w- c:\program files (x86)\bfgbartb\install.ico
2010-06-30 20:05 . 2010-06-30 20:05 1201 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\bigfishgames.xsl
2010-06-30 20:05 . 2010-06-30 20:05 4082 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\newgames.xsl
2010-06-30 20:05 . 2010-06-30 20:05 1487 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\whatsnew.xsl
2010-04-22 15:44 . 2010-04-22 15:44 46 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\arrow-right-disabled.gif
2010-03-04 14:29 . 2010-03-04 14:29 386 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\search-bg-game.gif
2010-03-04 14:28 . 2010-03-04 14:28 360 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\search-bg-web.gif
2010-02-24 20:42 . 2010-02-24 20:42 657 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\icon_bfg.png
2010-02-06 01:00 . 2010-02-06 01:00 4363 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\options\options-main.png
2010-02-06 01:00 . 2010-02-06 01:00 4139 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\options\options-search.png
2010-02-06 01:00 . 2010-02-06 01:00 1778 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\options\options-weather.gif
2010-02-04 15:08 . 2010-02-04 15:08 1081 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\options\options-widgets.png
2010-01-29 22:12 . 2010-01-29 22:12 203 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btn-mdl_ff.png
2010-01-29 22:07 . 2010-01-29 22:07 296 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btn-end.png
2010-01-29 22:07 . 2010-01-29 22:07 189 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btn-mdl.png
2010-01-29 22:07 . 2010-01-29 22:07 326 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btn-start.png
2010-01-29 22:07 . 2010-01-29 22:07 284 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btnover-end.png
2010-01-29 22:07 . 2010-01-29 22:07 193 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btnover-mdl.png
2010-01-29 22:07 . 2010-01-29 22:07 2862 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btnover-mdl_ff.png
2010-01-29 22:07 . 2010-01-29 22:07 335 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\bg-btnover-start.png
2009-10-29 15:34 . 2009-10-29 15:34 347 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\yahoo-icon.png
2009-06-30 18:48 . 2009-06-30 18:48 2812 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menu_separator_bar.png
2009-06-16 18:40 . 2009-06-16 18:40 3136 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menu_bg-basic.png
2009-06-04 14:56 . 2009-06-04 14:56 45 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\transparent_1px.gif
2009-04-16 21:52 . 2009-04-16 21:52 2332 ----a-w- c:\program files (x86)\bfgbartb\components\windowmediator.js
2009-04-16 21:41 . 2009-04-16 21:41 4344 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\languages.xml
2009-04-15 22:22 . 2009-04-15 22:22 1716 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b1.gif
2009-04-15 22:22 . 2009-04-15 22:22 635 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b10.gif
2009-04-15 22:22 . 2009-04-15 22:22 617 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b2.gif
2009-04-15 22:22 . 2009-04-15 22:22 811 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b3.gif
2009-04-15 22:22 . 2009-04-15 22:22 840 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b4.gif
2009-04-15 22:22 . 2009-04-15 22:22 845 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b5.gif
2009-04-15 22:22 . 2009-04-15 22:22 819 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b6.gif
2009-04-15 22:22 . 2009-04-15 22:22 820 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b7.gif
2009-04-15 22:22 . 2009-04-15 22:22 776 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b8.gif
2009-04-15 22:22 . 2009-04-15 22:22 789 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\bg\b9.gif
2009-04-15 22:22 . 2009-04-15 22:22 395 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d1.png
2009-04-15 22:22 . 2009-04-15 22:22 1023 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d10.png
2009-04-15 22:22 . 2009-04-15 22:22 750 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d2.png
2009-04-15 22:22 . 2009-04-15 22:22 862 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d3.png
2009-04-15 22:22 . 2009-04-15 22:22 647 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d4.png
2009-04-15 22:22 . 2009-04-15 22:22 725 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d5.png
2009-04-15 22:22 . 2009-04-15 22:22 874 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d6.png
2009-04-15 22:22 . 2009-04-15 22:22 574 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d7.png
2009-04-15 22:22 . 2009-04-15 22:22 869 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d8.png
2009-04-15 22:22 . 2009-04-15 22:22 850 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\d9.png
2009-04-15 22:22 . 2009-04-15 22:22 7047 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\fg\flame.png
2009-04-15 22:22 . 2009-04-15 22:22 601 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m12.png
2009-04-15 22:22 . 2009-04-15 22:22 582 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m2.png
2009-04-15 22:22 . 2009-04-15 22:22 667 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m3.png
2009-04-15 22:22 . 2009-04-15 22:22 642 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m4.png
2009-04-15 22:22 . 2009-04-15 22:22 644 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m5.png
2009-04-15 22:22 . 2009-04-15 22:22 571 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m6.png
2009-04-15 22:22 . 2009-04-15 22:22 536 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m7.png
2009-04-15 22:22 . 2009-04-15 22:22 686 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m8.png
2009-04-15 22:22 . 2009-04-15 22:22 613 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m9.png
2009-04-15 22:22 . 2009-04-15 22:22 1894 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\today.png
2009-04-15 22:22 . 2009-04-15 22:22 4630 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\tomorrow.png
2009-04-15 22:22 . 2009-04-15 22:22 1162 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b1.gif
2009-04-15 22:22 . 2009-04-15 22:22 433 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b10.gif
2009-04-15 22:22 . 2009-04-15 22:22 1757 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b2.gif
2009-04-15 22:22 . 2009-04-15 22:22 710 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b3.gif
2009-04-15 22:22 . 2009-04-15 22:22 743 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b4.gif
2009-04-15 22:22 . 2009-04-15 22:22 770 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b5.gif
2009-04-15 22:22 . 2009-04-15 22:22 806 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b6.gif
2009-04-15 22:22 . 2009-04-15 22:22 770 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b7.gif
2009-04-15 22:22 . 2009-04-15 22:22 769 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b8.gif
2009-04-15 22:22 . 2009-04-15 22:22 783 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\b9.gif
2009-04-15 22:22 . 2009-04-15 22:22 519 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f1.png
2009-04-15 22:22 . 2009-04-15 22:22 228 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f10.png
2009-04-15 22:22 . 2009-04-15 22:22 676 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f2.png
2009-04-15 22:22 . 2009-04-15 22:22 592 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f3.png
2009-04-15 22:22 . 2009-04-15 22:22 581 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f4.png
2009-04-15 22:22 . 2009-04-15 22:22 578 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f5.png
2009-04-15 22:22 . 2009-04-15 22:22 584 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f6.png
2009-04-15 22:22 . 2009-04-15 22:22 569 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f7.png
2009-04-15 22:22 . 2009-04-15 22:22 552 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f8.png
2009-04-15 22:22 . 2009-04-15 22:22 555 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\f9.png
2009-04-15 22:22 . 2009-04-15 22:22 725 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h1.png
2009-04-15 22:22 . 2009-04-15 22:22 504 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h10.png
2009-04-15 22:22 . 2009-04-15 22:22 661 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h2.png
2009-04-15 22:22 . 2009-04-15 22:22 499 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h3.png
2009-04-15 22:22 . 2009-04-15 22:22 508 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h4.png
2009-04-15 22:22 . 2009-04-15 22:22 530 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h5.png
2009-04-15 22:22 . 2009-04-15 22:22 510 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h6.png
2009-04-15 22:22 . 2009-04-15 22:22 517 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h7.png
2009-04-15 22:22 . 2009-04-15 22:22 523 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h8.png
2009-04-15 22:22 . 2009-04-15 22:22 488 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\bg\h9.png
2009-04-15 22:22 . 2009-04-15 22:22 395 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d1.png
2009-04-15 22:22 . 2009-04-15 22:22 1023 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d10.png
2009-04-15 22:22 . 2009-04-15 22:22 454 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d11.png
2009-04-15 22:22 . 2009-04-15 22:22 917 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d12.png
2009-04-15 22:22 . 2009-04-15 22:22 1013 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d13.png
2009-04-15 22:22 . 2009-04-15 22:22 818 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d14.png
2009-04-15 22:22 . 2009-04-15 22:22 881 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d15.png
2009-04-15 22:22 . 2009-04-15 22:22 1046 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d16.png
2009-04-15 22:22 . 2009-04-15 22:22 768 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d17.png
2009-04-15 22:22 . 2009-04-15 22:22 1048 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d18.png
2009-04-15 22:22 . 2009-04-15 22:22 1010 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d19.png
2009-04-15 22:22 . 2009-04-15 22:22 750 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d2.png
2009-04-15 22:22 . 2009-04-15 22:22 1251 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d20.png
2009-04-15 22:22 . 2009-04-15 22:22 918 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d21.png
2009-04-15 22:22 . 2009-04-15 22:22 828 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d22.png
2009-04-15 22:22 . 2009-04-15 22:22 1209 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d23.png
2009-04-15 22:22 . 2009-04-15 22:22 1123 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d24.png
2009-04-15 22:22 . 2009-04-15 22:22 1110 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d25.png
2009-04-15 22:22 . 2009-04-15 22:22 1224 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d26.png
2009-04-15 22:22 . 2009-04-15 22:22 1050 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d27.png
2009-04-15 22:22 . 2009-04-15 22:22 1271 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d28.png
2009-04-15 22:22 . 2009-04-15 22:22 1213 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d29.png
2009-04-15 22:22 . 2009-04-15 22:22 862 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d3.png
2009-04-15 22:22 . 2009-04-15 22:22 1324 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d30.png
2009-04-15 22:22 . 2009-04-15 22:22 1027 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d31.png
2009-04-15 22:22 . 2009-04-15 22:22 647 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d4.png
2009-04-15 22:22 . 2009-04-15 22:22 725 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d5.png
2009-04-15 22:22 . 2009-04-15 22:22 874 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d6.png
2009-04-15 22:22 . 2009-04-15 22:22 574 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d7.png
2009-04-15 22:22 . 2009-04-15 22:22 869 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d8.png
2009-04-15 22:22 . 2009-04-15 22:22 850 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\d9.png
2009-04-15 22:22 . 2009-04-15 22:22 600 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m1.png
2009-04-15 22:22 . 2009-04-15 22:22 588 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m10.png
2009-04-15 22:22 . 2009-04-15 22:22 669 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\fg\m11.png
2009-04-15 22:22 . 2009-04-15 22:22 1350 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\customer_support.png
2009-04-15 22:22 . 2009-04-15 22:22 1319 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\download_games.png
2009-04-15 22:22 . 2009-04-15 22:22 1521 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\forums.png
2009-04-15 22:22 . 2009-04-15 22:22 1727 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\ico.png
2009-04-15 22:22 . 2009-04-15 22:22 1711 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\mygamespace.png
2009-04-15 22:22 . 2009-04-15 22:22 1279 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\online_games.png
2009-04-15 22:22 . 2009-04-15 22:22 1989 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\visit_bigfishgames.png
2009-04-15 22:22 . 2009-04-15 22:22 1350 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\bigfishgames\whatsnew.png
2009-04-15 22:22 . 2009-04-15 22:22 1221 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\newgames\ico.png
2009-04-15 22:22 . 2009-04-15 22:22 1047 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\topgames\ico.png
2009-04-15 22:22 . 2009-04-15 22:22 9792 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\whatsnew\felix.png
2009-04-15 22:22 . 2009-04-15 22:22 10614 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\whatsnew\game_club.png
2009-04-15 22:22 . 2009-04-15 22:22 15783 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\whatsnew\gift.png
2009-04-15 22:22 . 2009-04-15 22:22 1434 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\whatsnew\ico.png
2009-04-15 22:22 . 2009-04-15 22:22 123 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tab_ftrleft.gif
2009-04-15 22:22 . 2009-04-15 22:22 122 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tab_ftrright.gif
2009-04-15 22:22 . 2009-04-15 22:22 128 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tab_hdrleft.gif
2009-04-15 22:22 . 2009-04-15 22:22 126 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tab_hdrright.gif
2009-04-15 22:22 . 2009-04-15 22:22 1003 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnBigFishGames-st.png
2009-04-15 22:22 . 2009-04-15 22:22 1923 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnNewReleases-ani.gif
2009-04-15 22:22 . 2009-04-15 22:22 1003 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnNewReleases-st.png
2009-04-15 22:22 . 2009-04-15 22:22 1001 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnPlayOnline-st.png
2009-04-15 22:22 . 2009-04-15 22:22 689 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnTopGames-ani.gif
2009-04-15 22:22 . 2009-04-15 22:22 1762 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnWhatsNew-ani.gif
2009-04-15 22:22 . 2009-04-15 22:22 1008 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tbnWhatsNew-st.png
2009-04-15 22:22 . 2009-04-15 22:22 584 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\video.png
2009-04-15 22:22 . 2009-04-15 22:22 2618 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\videopreview_bg.png
2009-04-15 22:22 . 2009-04-15 22:22 51 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\border-btm.gif
2009-04-15 22:22 . 2009-04-15 22:22 354 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\border-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 354 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\border-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 170 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\border-top-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 158 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\border-top-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 64 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\border-top.gif
2009-04-15 22:22 . 2009-04-15 22:22 146 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-body-FF.gif
2009-04-15 22:22 . 2009-04-15 22:22 149 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-body-IE.gif
2009-04-15 22:22 . 2009-04-15 22:22 96 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-body-mygames-FF.gif
2009-04-15 22:22 . 2009-04-15 22:22 149 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-body-mygames-IE.gif
2009-04-15 22:22 . 2009-04-15 22:22 190 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-left-mygames.gif
2009-04-15 22:22 . 2009-04-15 22:22 346 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 189 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-right-mygames.gif
2009-04-15 22:22 . 2009-04-15 22:22 348 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-hot-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 866 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-search.gif
2009-04-15 22:22 . 2009-04-15 22:22 94 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-body-FF.gif
2009-04-15 22:22 . 2009-04-15 22:22 96 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-body-IE.gif
2009-04-15 22:22 . 2009-04-15 22:22 67 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-body-mygames-FF.gif
2009-04-15 22:22 . 2009-04-15 22:22 95 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-body-mygames-IE.gif
2009-04-15 22:22 . 2009-04-15 22:22 114 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-left-mygames.gif
2009-04-15 22:22 . 2009-04-15 22:22 335 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 114 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-right-mygames.gif
2009-04-15 22:22 . 2009-04-15 22:22 335 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\btn-std-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 5993 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\close.png
2009-04-15 22:22 . 2009-04-15 22:22 1001 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\next.png
2009-04-15 22:22 . 2009-04-15 22:22 134 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-btm-arrow.gif
2009-04-15 22:22 . 2009-04-15 22:22 68 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-btm-body.gif
2009-04-15 22:22 . 2009-04-15 22:22 194 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-btm-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 208 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-btm-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 138 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-top-arrow.gif
2009-04-15 22:22 . 2009-04-15 22:22 93 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-top-body.gif
2009-04-15 22:22 . 2009-04-15 22:22 193 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-top-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 208 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\scroller-top-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 205 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-btm-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 207 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-btm-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 90 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-btm.gif
2009-04-15 22:22 . 2009-04-15 22:22 265 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 266 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 205 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-top-left.gif
2009-04-15 22:22 . 2009-04-15 22:22 204 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-top-right.gif
2009-04-15 22:22 . 2009-04-15 22:22 65 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\selbar-top.gif
2009-04-15 22:22 . 2009-04-15 22:22 157 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\slider_bg.gif
2009-04-15 22:22 . 2009-04-15 22:22 105 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tab-top-left-corner.gif
2009-04-15 22:22 . 2009-04-15 22:22 104 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\tab-top-right-corner.gif
2009-04-14 22:14 . 2009-04-14 22:14 1349 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\search\engines_all.xml
2009-04-14 22:14 . 2009-04-14 22:14 865 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\search\engines_uk.xml
2009-04-08 20:06 . 2009-04-08 20:06 423 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\text-ellipsis.xml
2009-03-10 16:02 . 2009-03-10 16:02 143 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\localization.xml
2009-03-09 14:46 . 2009-03-09 14:46 1170 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\whatsnew.xml
2009-03-09 14:46 . 2009-03-09 14:46 5192 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\topgames.xml
2009-03-09 14:46 . 2009-03-09 14:46 4759 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\newgames.xml
2009-03-09 14:45 . 2009-03-09 14:45 1580 ----a-w- c:\program files (x86)\bfgbartb\chrome\content\data\feeds\bigfishgames.xml
2008-11-28 13:10 . 2008-11-28 13:10 1895 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\lastsearch-thumb-back.gif
2008-11-17 13:10 . 2008-11-17 13:10 236 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\scroll-left.png
2008-11-17 13:10 . 2008-11-17 13:10 235 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\scroll-right.png
2008-10-20 04:54 . 2008-10-20 04:54 58 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\move.gif
2008-10-20 04:54 . 2008-10-20 04:54 491 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\movetarget.png
2008-08-17 23:01 . 2008-08-17 23:01 55 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\blank.gif
2008-07-28 20:49 . 2008-07-28 20:49 46 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\arrow-dn.gif
2008-07-28 20:49 . 2008-07-28 20:49 46 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\arrow-right.gif
2008-07-28 20:49 . 2008-07-28 20:49 191 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\btnback-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 191 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\btnback-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 294 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\btnleft-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 293 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\btnleft-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 274 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\btnright-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 297 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\btnright-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 245 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\button-splitter-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 248 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\button-splitter-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 293 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\checkmark.png
2008-07-28 20:49 . 2008-07-28 20:49 175 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\chevron.png
2008-07-28 20:49 . 2008-07-28 20:49 209 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\edit-back-hot.png
2008-07-28 20:49 . 2008-07-28 20:49 205 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\edit-back.png
2008-07-28 20:49 . 2008-07-28 20:49 795 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\highlight.png
2008-07-28 20:49 . 2008-07-28 20:49 293 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\highlight_blue.png
2008-07-28 20:49 . 2008-07-28 20:49 283 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\highlight_cyan.png
2008-07-28 20:49 . 2008-07-28 20:49 284 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\highlight_lime.png
2008-07-28 20:49 . 2008-07-28 20:49 286 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\highlight_magenta.png
2008-07-28 20:49 . 2008-07-28 20:49 293 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\highlight_yellow.png
2008-07-28 20:49 . 2008-07-28 20:49 120 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitem-splitter.png
2008-07-28 20:49 . 2008-07-28 20:49 186 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitemback-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 191 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitemback-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 270 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitemleft-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 293 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitemleft-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 235 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitemright-down-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 297 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\menuitemright-vista.png
2008-07-28 20:49 . 2008-07-28 20:49 323 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\radio.png
2008-07-28 20:49 . 2008-07-28 20:49 92 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\resize-box.gif
2008-07-28 20:49 . 2008-07-28 20:49 824 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\search-go.png
2008-07-28 20:49 . 2008-07-28 20:49 76 ----a-w- c:\program files (x86)\bfgbartb\chrome\skin\lib\toolbarsplitter.gif
.
---- Directory of c:\users\Default\AppData\Local\temp ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-22_15.06.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-26 12:24 . 2011-09-26 12:24 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-09-22 15:04 . 2011-09-22 15:04 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-09-22 15:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-26 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-22 15:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-26 12:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-26 12:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-22 15:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 23:36 . 2011-09-22 15:07 32592 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-22 15:07 25026 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-03-07 23:34 . 2011-09-22 12:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-07 23:34 . 2011-09-25 01:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 23:34 . 2011-09-22 12:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-07 23:34 . 2011-09-25 01:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-22 12:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-25 01:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-09-22 15:09 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-03-08 01:02 . 2011-09-26 12:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-08 01:02 . 2011-09-22 14:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-08 01:02 . 2011-09-22 14:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 01:02 . 2011-09-26 12:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-16 10:19 . 2011-09-26 12:24 3508 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-06-16 10:19 . 2011-09-18 10:25 3508 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-08 01:19 . 2011-09-22 15:07 7372 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-595959905-2252331606-883414425-1000_UserData.bin
+ 2011-09-26 12:25 . 2011-09-26 12:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-22 15:05 . 2011-09-22 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-26 12:25 . 2011-09-26 12:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-22 15:05 . 2011-09-22 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-08 14:30 . 2011-09-26 12:07 243222 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2011-09-22 15:04 298444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-26 12:24 298444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-09-18 15:56 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-09-22 15:08 3802522 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-09-22 03:10 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-09-26 07:42 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0CF7685E-757D-4B78-84C0-713A40E92C2f}]
c:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2010-05-14 237800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
.
c:\users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-09-09 1152632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110923.030\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.excite.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
FF - ProfilePath - c:\users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF - Ext: Toolbar - Big Fish Games: {6847DFAE-037A-400c-A524-27F0A281B692} - %profile%\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hitmanpro35]
"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hitmanpro35]
"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro35.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2011-09-26 05:29:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-26 12:29
ComboFix2.txt 2011-09-22 15:09
.
Pre-Run: 430,444,089,344 bytes free
Post-Run: 430,788,886,528 bytes free
.
- - End Of File - - 3B20F6FA5F7A27821CD8DF584D877AF5
Upload was successful


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Amazing Adventures - The Forgotten Dynasty
Apple Application Support
Apple Software Update
AudibleManager
Best Buy pc app
Big Fish Games: Game Manager
Can You See What I See?
Cursed Memories: The Secret of Agony Creek Collector's Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Product Registration
DHTML Editing Component
Escape Rosecliff Island
Escape the Museum
F.A.C.E.S.
Fairway Solitaire
Fishdom H2O: Hidden Odyssey ™
G.H.O.S.T. Hunters: The Haunting of Majesty Manor
GoToAssist 8.0.0.514
Haunted Halls - Green Hills Sanitarium
Hidden Expedition ®: Amazon
Hidden Expedition: The Uncharted Islands Collector's Edition
Hidden Mysteries - White House
Hidden Mysteries Titanic
Intel® Control Center
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 21
Junk Mail filter update
Margrave Manor 2: The Lost Ship
Margrave: The Curse of the Severed Heart
Masque IGT Slots Little Green Men
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.22)
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Musaic Box
Mysteries of Cleopatra
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files: Madame Fate ®
Mystery Case Files: Prime Suspects ™
Mystery Case Files: Ravenhearst ®
Mystery Case Files: Return to Ravenhearst ™
Mystery Trackers: Raincliff
Mystery Trackers: The Void
Nightfall Mysteries: Curse of the Opera
Norton Security Suite
OpenOffice.org 3.3
Phantasmat Collector's Edition
PhotoImpact X3
PMB
Postbox Express (1.0.1)
QuickTime
Real Crimes: Jack the Ripper
Realtek High Definition Audio Driver
Redrum ™
Reel Deal Slots Adventure
Roxio Burn
Secrets of Great Art
Secrets of the Dark: Temple of Night Collector's Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
The Magicians Handbook: Cursed Valley
Timeless: The Forgotten Town Collector's Edition
Toolbar - Big Fish Games
Treasure Seekers: Follow the Ghosts
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Voodoo Whisperer: Curse of a Legend
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer

#8 thcbytes

thcbytes


Posted 26 September 2011 - 02:44 PM

Well done. :thumbup2:

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

With your next post please provide:

  • MBAM log
  • ESET log
  • OTL.txt
  • Extra.txt
  • How is your computer running now?

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#9 SPSDUDE

SPSDUDE
  • Topic Starter


Posted 26 September 2011 - 06:41 PM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7803

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/26/2011 2:47:08 PM
mbam-log-2011-09-26 (14-47-08).txt

Scan type: Quick scan
Objects scanned: 181592
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\14res.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=2ce2e7bdcff140459ac102b332538b7a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-26 11:16:33
# local_time=2011-09-26 04:16:33 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3589 16777213 80 82 4902056 80353323 0 0
# compatibility_mode=5893 16776574 66 85 68603561 68618478 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=243922
# found=4
# cleaned=4
# scan_time=3965
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{d25b4e4d-c4d4-4dc0-aae7-89d2809dc88a}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C


OTL logfile created on: 9/26/2011 4:28:14 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\RoseyB\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.63% Memory free
5.93 Gb Paging File | 4.22 Gb Available in Paging File | 71.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.84 Gb Total Space | 400.91 Gb Free Space | 87.95% Space Free | Partition Type: NTFS
Drive D: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROSEYB-PC | User Name: RoseyB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 16:26:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\RoseyB\Desktop\OTL.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/06/22 08:47:34 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2011/04/05 14:19:16 | 002,692,024 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\NUA.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/27 00:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/05 14:44:43 | 012,483,584 | ---- | M] (Postbox, Inc.) -- C:\Program Files (x86)\Postbox Express\postbox.exe
PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/10/15 02:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/08/02 21:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/18 03:24:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\60aa01ac9637903f30ac346c55ce58bb\PresentationFramework.Aero.ni.dll
MOD - [2011/09/18 03:23:51 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\462ca53f84ff85f159d5555d91a5e28d\PresentationFramework.ni.dll
MOD - [2011/09/18 03:23:42 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\808e41877f992187276492aa2e55e909\PresentationCore.ni.dll
MOD - [2011/09/18 03:23:29 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\5914966008346d5e9341ba1f9d6d2760\System.Core.ni.dll
MOD - [2011/09/18 03:22:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011/09/18 03:22:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011/09/18 03:22:15 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b6a8747fc31bd7eb902b39f884665b21\IAStorUtil.ni.dll
MOD - [2011/09/18 03:22:14 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/09/18 03:22:09 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/09/18 03:22:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/09/18 03:22:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/09/18 03:22:01 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/09/18 03:21:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/23 08:19:56 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/22 08:47:34 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/07/05 14:44:45 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Postbox Express\nsldap32v60.dll
MOD - [2010/07/05 14:44:45 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Postbox Express\nsldappr32v60.dll
MOD - [2009/10/15 02:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 02:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/27 23:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2007/08/02 21:07:56 | 000,034,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/12/22 09:21:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/27 00:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 18:38:15 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/30 20:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 05:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/09 10:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110920.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/23 00:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110924.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/03 20:00:03 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110926.003\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 20:00:03 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110926.003\ENG64.SYS -- (NAVENG)
DRV - [2011/07/27 17:58:03 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/27 17:58:03 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 68 F7 0C 7D 75 78 4B 84 C0 71 3A 40 E9 2C 2F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.excite.com/"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.2
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49333

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/21 05:29:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/09/26 14:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/06 15:46:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/06 15:46:38 | 000,000,000 | ---D | M]

[2011/03/12 16:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Extensions
[2011/03/12 16:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/25 22:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions
[2011/09/02 09:14:05 | 000,000,000 | ---D | M] (Toolbar - Big Fish Games) -- C:\Users\RoseyB\AppData\Roaming\Mozilla\Firefox\Profiles\yzit0tbc.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2011/03/07 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/26 14:51:25 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN_2010_9_0_6
[2011/07/21 05:29:48 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN

O1 HOSTS File: ([2011/09/26 05:25:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {0CF7685E-757D-4B78-84C0-713A40E92C2f} - C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Toolbar - Big Fish Games) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab (Hangman Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7490A99-8BD1-40F5-B707-37E22507E905}: DhcpNameServer = 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 16:26:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\RoseyB\Desktop\OTL.exe
[2011/09/26 15:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/26 14:42:11 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Malwarebytes
[2011/09/26 14:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/26 14:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/26 14:42:02 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/26 14:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/26 14:40:19 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\RoseyB\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/26 05:30:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/26 05:26:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/09/24 10:52:33 | 004,223,304 | R--- | C] (Swearware) -- C:\Users\RoseyB\Desktop\ComboFix.exe
[2011/09/22 07:54:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/22 07:54:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/22 07:54:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/22 07:41:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/22 07:38:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/22 07:37:05 | 004,223,304 | R--- | C] (Swearware) -- C:\Users\RoseyB\Documents\ComboFix.exe
[2011/09/21 15:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BC Soft Games
[2011/09/21 15:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Magicians Handbook - Cursed Valley
[2011/09/21 15:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Magicians Handbook - Cursed Valley
[2011/09/16 11:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/09/16 11:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/09/16 11:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/12 17:55:08 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Vast Studios
[2011/09/12 17:54:18 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cursed Memories - The Secret of Agony Creek Collector's Edition
[2011/09/12 17:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cursed Memories - The Secret of Agony Creek Collector's Edition
[2011/09/12 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cursed Memories - The Secret of Agony Creek Collector's Edition
[2011/09/10 19:21:02 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/10 19:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/02 09:24:03 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Gamers Digital
[2011/09/02 09:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Gamers Digital
[2011/09/02 09:23:21 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Real Crimes - Jack the Ripper
[2011/09/02 09:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Crimes - Jack the Ripper
[2011/09/02 09:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Crimes - Jack the Ripper
[2011/09/02 09:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgbartb
[2011/08/28 19:38:49 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Vogat Interactive
[2011/08/28 19:38:02 | 000,000,000 | ---D | C] -- C:\Users\RoseyB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FACES
[2011/08/28 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACES
[2011/08/28 19:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FACES

========== Files - Modified Within 30 Days ==========

[2011/09/26 16:26:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\RoseyB\Desktop\OTL.exe
[2011/09/26 15:24:55 | 000,001,940 | ---- | M] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/09/26 14:58:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 14:58:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/26 14:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/26 14:50:43 | 2388,381,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 14:42:05 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 14:40:26 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RoseyB\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/26 05:28:36 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/26 05:25:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/22 07:38:05 | 004,223,304 | R--- | M] (Swearware) -- C:\Users\RoseyB\Documents\ComboFix.exe
[2011/09/22 07:38:05 | 004,223,304 | R--- | M] (Swearware) -- C:\Users\RoseyB\Desktop\ComboFix.exe
[2011/09/21 15:17:33 | 000,001,306 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/09/21 15:17:32 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Play The Magicians Handbook - Cursed Valley.lnk
[2011/09/20 19:19:44 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/20 19:19:44 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/18 03:07:01 | 000,740,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/18 03:07:01 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/18 03:07:01 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/16 11:38:55 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/14 03:01:31 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 17:54:45 | 000,002,390 | ---- | M] () -- C:\Users\Public\Desktop\Play Cursed Memories - The Secret of Agony Creek Collector's Edition.lnk
[2011/09/10 19:21:01 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/06 15:26:29 | 000,003,584 | ---- | M] () -- C:\Users\RoseyB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 09:23:42 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Play Real Crimes - Jack the Ripper.lnk
[2011/09/02 09:13:45 | 000,000,059 | ---- | M] () -- C:\ProgramData\user.ini
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/28 19:38:22 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\Play FACES.lnk

========== Files Created - No Company Name ==========

[2011/09/26 14:42:05 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 07:54:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/22 07:54:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/22 07:54:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/22 07:54:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/22 07:54:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/21 15:17:32 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Play The Magicians Handbook - Cursed Valley.lnk
[2011/09/16 11:38:55 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/09/16 11:33:34 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/13 19:20:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/13 19:20:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/12 17:54:45 | 000,002,390 | ---- | C] () -- C:\Users\Public\Desktop\Play Cursed Memories - The Secret of Agony Creek Collector's Edition.lnk
[2011/09/12 17:54:45 | 000,001,306 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/09/06 15:26:29 | 000,003,584 | ---- | C] () -- C:\Users\RoseyB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/02 09:23:42 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Play Real Crimes - Jack the Ripper.lnk
[2011/09/02 09:13:45 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2011/08/28 19:38:22 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\Play FACES.lnk
[2011/05/18 16:40:17 | 000,001,940 | ---- | C] () -- C:\Users\RoseyB\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/10 16:27:59 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/23 18:12:25 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/23 18:12:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/22 10:57:15 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========


< End of report >


OTL Extras logfile created on: 9/26/2011 4:28:14 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\RoseyB\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 44.63% Memory free
5.93 Gb Paging File | 4.22 Gb Available in Paging File | 71.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.84 Gb Total Space | 400.91 Gb Free Space | 87.95% Space Free | Partition Type: NTFS
Drive D: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROSEYB-PC | User Name: RoseyB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0346D86C-D5F6-41FF-949B-01329CA424ED}" = Mysteries of Cleopatra
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119848740}" = Haunted Halls - Green Hills Sanitarium
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11996780}" = Amazing Adventures - The Forgotten Dynasty
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A54F806B-A2E1-4794-A7FE-365167EC67CB}" = Masque IGT Slots Little Green Men
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C8BC0A-B0E7-4F39-848C-C5B06021B702}" = Hidden Mysteries - White House
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D29E40-F7AA-43FE-95F3-C27538B6EC9B}" = Reel Deal Slots Adventure
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleManager" = AudibleManager
"bfgbartb" = Toolbar - Big Fish Games
"BFGC" = Big Fish Games: Game Manager
"BFG-Can You See What I See" = Can You See What I See?
"BFG-Cursed Memories - The Secret of Agony Creek Collector's Edition" = Cursed Memories: The Secret of Agony Creek Collector's Edition
"BFG-Escape Rosecliff Island" = Escape Rosecliff Island
"BFG-Escape the Museum" = Escape the Museum
"BFG-FACES" = F.A.C.E.S.
"BFG-Fairway Solitaire" = Fairway Solitaire
"BFG-Fishdom H2O - Hidden Odyssey" = Fishdom H2O: Hidden Odyssey ™
"BFG-G.H.O.S.T. Hunters - The Haunting of Majesty Manor" = G.H.O.S.T. Hunters: The Haunting of Majesty Manor
"BFG-Hidden Expedition - Amazon" = Hidden Expedition &reg;: Amazon
"BFG-Hidden Expedition - The Uncharted Islands Collector's Edition" = Hidden Expedition: The Uncharted Islands Collector's Edition
"BFG-Margrave - The Curse of the Severed Heart" = Margrave: The Curse of the Severed Heart
"BFG-Margrave Manor 2 - The Lost Ship" = Margrave Manor 2: The Lost Ship
"BFG-Musaic Box" = Musaic Box
"BFG-Mystery Case Files - 13th Skull Collector's Edition" = Mystery Case Files ®: 13th Skull ™ Collector's Edition
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate ®
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects ™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Mystery Trackers - Raincliff" = Mystery Trackers: Raincliff
"BFG-Mystery Trackers - The Void" = Mystery Trackers: The Void
"BFG-Nightfall Mysteries - Curse of the Opera" = Nightfall Mysteries: Curse of the Opera
"BFG-Phantasmat Collector's Edition" = Phantasmat Collector's Edition
"BFG-Real Crimes - Jack the Ripper" = Real Crimes: Jack the Ripper
"BFG-Redrum" = Redrum ™
"BFG-Secrets of Great Art" = Secrets of Great Art
"BFG-Secrets of the Dark - Temple of Night Collector's Edition" = Secrets of the Dark: Temple of Night Collector's Edition
"BFG-Shadow Wolf Mysteries - Curse of the Full Moon Collector's Edition" = Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
"BFG-The Magicians Handbook - Cursed Valley" = The Magicians Handbook: Cursed Valley
"BFG-Timeless - The Forgotten Town Collector's Edition" = Timeless: The Forgotten Town Collector's Edition
"BFG-Treasure Seekers - Follow the Ghosts" = Treasure Seekers: Follow the Ghosts
"BFG-Voodoo Whisperer - Curse of a Legend" = Voodoo Whisperer: Curse of a Legend
"Dell Dock" = Dell Dock
"ESET Online Scanner" = ESET Online Scanner v3
"GoToAssist" = GoToAssist 8.0.0.514
"Hidden Mysteries Titanic" = Hidden Mysteries Titanic
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"N360" = Norton Security Suite
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Postbox Express (1.0.1)" = Postbox Express (1.0.1)
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/14/2011 6:05:09 AM | Computer Name = RoseyB-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/14/2011 6:05:45 AM | Computer Name = RoseyB-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 9/14/2011 11:55:55 PM | Computer Name = RoseyB-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/15/2011 5:52:25 AM | Computer Name = RoseyB-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/15/2011 5:52:57 AM | Computer Name = RoseyB-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 9/16/2011 2:15:05 AM | Computer Name = RoseyB-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/16/2011 1:35:14 PM | Computer Name = RoseyB-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/17/2011 9:14:37 AM | Computer Name = RoseyB-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/17/2011 9:34:58 AM | Computer Name = RoseyB-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/17/2011 9:35:30 AM | Computer Name = RoseyB-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

[ Dell Events ]
Error - 3/7/2011 8:04:43 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/7/2011 8:04:43 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/19/2011 8:09:19 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/19/2011 8:09:19 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/3/2011 7:47:13 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/3/2011 7:47:13 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/10/2011 7:47:39 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/10/2011 7:47:39 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/17/2011 7:47:52 PM | Computer Name = RoseyB-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 9/22/2011 11:01:20 AM | Computer Name = RoseyB-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/22/2011 11:02:04 AM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2011 11:06:47 AM | Computer Name = RoseyB-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 9/22/2011 11:14:04 AM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2011 11:50:06 AM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2011 12:14:02 PM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2011 12:49:56 PM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2011 4:16:54 PM | Computer Name = RoseyB-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.

Error - 9/22/2011 4:26:15 PM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =

Error - 9/22/2011 4:50:16 PM | Computer Name = RoseyB-PC | Source = bowser | ID = 8003
Description =


< End of report >





computer running good so far.
Thank You

#10 thcbytes

Posted 27 September 2011 - 07:41 PM

You're welcome! And thanks for the timely replies. Looking good. Almost there.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor="
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 49333
    @Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMP:93F3E4C9
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:8E5EA40F
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:53B8C5D2
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:E732B44B
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:DBC3D477
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:553056F1
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:F89F2593
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:D055FC10
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:BACD3198
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EFA2FC7
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:EC2381A4
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:BDCD8531
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:A3251D01
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:24C072FF
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:C22674B6
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:2BC498A4
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:98982C88
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:8B4B9596
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:5EF1AD34
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:D31BE97C
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:9BB8C675
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:6A0A47E7
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:2F141B68
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7C412B92
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:0AC32449
    @Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:260575F1
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:7776B809
    @Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:FB97DB91
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:78E0DF72
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:34FB96D1
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A4E7D25F
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A9056F42
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2ADC9FB3
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:943971F5
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:CC6A54A8
    
    :Commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

==========

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html
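
Added example, not part of the thread and not OTL's own code: the fix above clears a hijacked keyword.URL and a loopback HTTP proxy from Firefox's prefs.js, and this Python sketch audits a prefs.js for those same two conditions. The sample prefs text is constructed (the URL is shortened from the one in the fix), and the trusted-host list and the network.proxy.type line are assumptions.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# prefs.js lines look like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Assumption: search hosts the machine's owner considers legitimate.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Constructed sample modelled on the three prefs named in the fix script.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("keyword.URL", "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor=");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 49333);
user_pref("network.proxy.type", 1);
'''


def parse_prefs(text):
    """Return {pref_name: value}; comment lines and malformed lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))  # string, number or boolean
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep the raw text if it is not JSON-like
    return prefs


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(prefs):
    """Return (pref_name, reason) tuples for search-redirect indicators."""
    findings = []
    kw = prefs.get("keyword.URL")
    if isinstance(kw, str) and kw:
        host = (urlsplit(kw).hostname or "").lower()
        if host not in TRUSTED_SEARCH_HOSTS:
            target = host or kw
            findings.append(("keyword.URL", f"address-bar searches go to {target}"))
    proxy = prefs.get("network.proxy.http")
    if isinstance(proxy, str) and proxy and is_loopback(proxy):
        port = prefs.get("network.proxy.http_port")
        # Firefox only uses the manual proxy fields when network.proxy.type is 1.
        if prefs.get("network.proxy.type") == 1:
            state = "active"
        else:
            state = "set but not selected"
        findings.append(("network.proxy.http", f"loopback HTTP proxy {proxy}:{port}, {state}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_prefs(SAMPLE_PREFS)):
        print(f"{name}: {reason}")
```

A loopback proxy is not malicious by itself (some security products use one), so a hit means checking which process is listening on that port.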

#11 SPSDUDE

Posted 28 September 2011 - 09:52 AM

All processes killed
========== OTL ==========
Prefs.js: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm00384us&ptb=AFA208CE-D8E1-4F94-81FF-7A595A662933&psa=&ind=2011062414&ptnrS=YKxdm00384us&si=CP_nqNiOz6kCFaYZQgodhDAyfw&st=kwd&n=77de608e&searchfor=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 49333 removed from network.proxy.http_port
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RoseyB
->Temp folder emptied: 32147 bytes
->Temporary Internet Files folder emptied: 48353206 bytes
->Java cache emptied: 332500447 bytes
->FireFox cache emptied: 61582380 bytes
->Flash cache emptied: 63155 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 422.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09282011_071433

Files\Folders moved on Reboot...
File\Folder C:\Users\RoseyB\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEIGKS23\dmm[1].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEIGKS23\gca_iframe[1].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R12RL9SC\dmm[1].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL8R8HKH\dmm[1].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M23BOW60\excite_com[2].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M23BOW60\topic419506[1].html moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABTY0PU1\afr[1].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ABTY0PU1\emily[1].html moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Q1JNVR9\ads[1].htm moved successfully.
C:\Users\RoseyB\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Have removed old versions of Java and installed the new version.

Thanks

#12 thcbytes

Posted 28 September 2011 - 07:55 PM

Hello,

Congratulations! You now appear clean!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    Posted Image

  • The following will implement some very important cleanup procedures as well as reset System Restore points.

**********

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Commands
    [CLEARALLRESTOREPOINTS]
    [resethosts]
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.


**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • Restart your computer when prompted.

**********

Please right click and delete any tools we downloaded for cleanup. Do not forget to turn your AV's real-time protection back on.

**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.


  • Have one antivirus application installed and running at all times.

  • Avoid file sharing, P2P, illegal downloads or rogue sites. This is a sure way to get severely infected.

  • Install an Anti-Spyware program, and update it regularly

    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Prevention article : To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

  • Keep your other software up to date as well. Periodically run the Secunia Online Software Inspector (OSI).

  • Consider Firefox as your primary browser. It's safer, fast and secure!

  • Install WOT. Never inadvertently surf to a dangerous website again.

  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  • Stay up to date!

    Again the MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Good luck & safe surfing,
Kind Regards,
thcbytes

#13 SPSDUDE

Posted 29 September 2011 - 09:15 PM

Thank you so much for your help. Will look at the additional programs you recommend. I had thought we were keeping up to date and were safe but will be more alert to such things in the future. Thank you again for your help.
p.s. my wife wanted you to know we are organ donors. thanks again.

#14 thcbytes

Posted 30 September 2011 - 12:28 PM

You're welcome. My pleasure assisting you.

#15 thcbytes

Posted 30 September 2011 - 12:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.