Search Redirect Virus/Root infection/Trojan/ Malware


  • This topic is locked
29 replies to this topic

#1 GTL

  • Members
  • 17 posts

Posted 15 March 2012 - 05:55 PM

Hi Everyone,

For a few days now, I have been battling a search redirect problem. The problem exists in both Chrome (main browser) as well as IE (secondary), on Google searches (primary) and Yahoo searches (secondary). I read a couple of searches on this forum and read some good support so I want to see if you can help me. Previously I have run various anti spy/malware/virus programs, registry cleaners, and TDSS cleaner with no success. This is a list of things I've tried:

TDSS killer
Search and Destroy
Hitman Pro 3.6
CCleaner
AVG free edition
Microsoft Essential (uninstalled)
Malwarebyte (uninstalled)
Symmetic
Reset Router
Finding Host Files
Tried Finding problems on regedit

I have yet to use ComboFix as it was advised to use it under supervision. I also have not reformatted the computer. I would appreciate your help on this matter, because though I've learned more about computers in general, I couldn't fix the problem.

As suggested by the Prep Guide, I installed DDS and GMER. I have both DDS files and will post the DDS txt but not the Attach txt. When I tried to run GMER, some of the fields were grayed out when I ran the .exe, so I did not proceed with that process.

DDS txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Gil at 15:29:15 on 2012-03-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.740 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Gil\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\prevhost.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Gil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120312787744C39309C6D7BFB8A44D
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
uRun: [Google Update] "C:\Users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
uRun: [googletalk] C:\Users\Gil\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [AdobeBridge]
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll",DllRegisterServer
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{912CCE47-15D8-4F17-BCFB-75629AA58C94} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{912CCE47-15D8-4F17-BCFB-75629AA58C94}\2375942554038373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{912CCE47-15D8-4F17-BCFB-75629AA58C94}\2384F4D454532393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{912CCE47-15D8-4F17-BCFB-75629AA58C94}\84972757C6560234163747C656 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{912CCE47-15D8-4F17-BCFB-75629AA58C94}\C496371697F6 : DhcpNameServer = 192.168.50.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-X64: Updater For Spam Free Search Bar - No File
BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
BHO-X64: Spam Free Search Bar - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-10-14 1612392]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-3 1038088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-15 21:55:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-15 08:41:04 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-15 07:28:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-15 00:18:37 -------- d-----w- C:\Windows\pss
2012-03-14 23:12:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 22:24:30 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-03-14 21:59:38 -------- d-----w- C:\Program Files\HitmanPro
2012-03-14 21:59:17 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-14 10:03:35 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 10:03:33 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:03:32 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 10:03:27 -------- d-----w- C:\Users\Gil\AppData\Roaming\AVG2012
2012-03-14 09:59:49 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 09:59:45 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 09:59:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 09:51:43 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF1622A2-A493-4753-84F2-2DA4F9F63506}\mpengine.dll
2012-03-14 09:50:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 09:50:27 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 09:50:27 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 09:50:08 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 09:50:08 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 09:50:07 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 09:50:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 09:49:04 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-14 09:46:17 -------- d-----w- C:\Program Files\CCleaner
2012-03-13 06:02:47 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-13 05:59:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-13 03:42:19 -------- d-----w- C:\Users\Gil\AppData\Local\blekkotb
2012-03-13 03:15:48 -------- d-----w- C:\Users\Gil\AppData\Roaming\AVG
2012-03-13 00:20:21 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-13 00:20:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-13 00:20:19 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-13 00:20:12 -------- d--h--w- C:\ProgramData\Common Files
2012-03-13 00:19:00 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-13 00:19:00 -------- d-----w- C:\ProgramData\AVG2012
2012-03-13 00:18:12 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-13 00:03:38 -------- d-----w- C:\ProgramData\MFAData
2012-03-12 23:52:55 -------- d-----w- C:\Program Files (x86)\1-Click PC Fix v4
2012-03-12 23:52:39 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-03-12 23:52:34 -------- d-----w- C:\Program Files (x86)\blekkotb
2012-03-09 18:50:27 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-03-09 18:50:26 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-03-08 23:10:33 -------- d-----w- C:\Down
2012-03-08 23:10:09 -------- d-----w- C:\Perfect World Entertainment
2012-03-08 23:09:55 -------- d-----w- C:\Windyzone
2012-03-08 23:07:59 529424 ----a-w- C:\Windows\System32\d3dx10_37.dll
.
==================== Find3M ====================
.
2012-03-01 21:38:21 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 15:30:15.47 ===============

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 March 2012 - 02:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#3 GTL

  • Topic Starter
  • Members
  • 17 posts

Posted 16 March 2012 - 02:15 PM

At the moment, I ran ComboFix and have the txt. ComboFix restarted my computer but now whenever I start a program, it would respond with "Illegal operation attempted on a registry key that was marked for deletion". I'm currently on a separate computer.

Combo Fix Log

ComboFix 12-03-16.03 - Gil 03/16/2012 11:48:52.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.923 [GMT -7:00]
Running from: c:\users\Gil\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gil\g2mdlhlpx.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 18:53 . 2012-03-16 18:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-16 18:53 . 2012-03-16 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 21:55 . 2012-03-15 21:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-15 21:55 . 2012-03-15 21:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-15 21:55 . 2012-03-15 21:55 -------- d-----w- c:\program files (x86)\Java
2012-03-15 08:41 . 2012-03-15 08:41 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-15 07:28 . 2012-03-15 07:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 23:12 . 2012-03-14 23:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 22:24 . 2012-03-14 22:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-14 21:59 . 2012-03-14 21:59 -------- d-----w- c:\program files\HitmanPro
2012-03-14 21:59 . 2012-03-14 22:24 -------- d-----w- c:\programdata\HitmanPro
2012-03-14 10:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:59 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:59 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:59 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:51 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF1622A2-A493-4753-84F2-2DA4F9F63506}\mpengine.dll
2012-03-14 09:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:49 . 2012-03-14 10:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-14 09:46 . 2012-03-14 09:46 -------- d-----w- c:\program files\CCleaner
2012-03-13 06:02 . 2012-03-13 06:02 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-13 05:59 . 2012-03-13 05:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-13 05:59 . 2012-03-13 05:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-03-13 03:42 . 2012-03-13 03:43 -------- d-----w- c:\users\Gil\AppData\Local\blekkotb
2012-03-13 03:15 . 2012-03-13 03:22 -------- d-----w- c:\users\Gil\AppData\Roaming\AVG
2012-03-13 00:20 . 2012-03-13 00:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-13 00:20 . 2012-03-14 09:05 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-13 00:20 . 2012-03-14 09:05 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-13 00:20 . 2012-03-13 00:20 -------- d--h--w- c:\programdata\Common Files
2012-03-13 00:19 . 2012-03-16 16:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-13 00:19 . 2012-03-14 09:58 -------- d-----w- c:\programdata\AVG2012
2012-03-13 00:18 . 2012-03-14 08:51 -------- d-----w- c:\program files (x86)\AVG
2012-03-13 00:03 . 2012-03-16 16:38 -------- d-----w- c:\programdata\MFAData
2012-03-12 23:52 . 2012-03-13 00:03 -------- d-----w- c:\program files (x86)\1-Click PC Fix v4
2012-03-12 23:52 . 2012-03-15 21:09 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-12 23:52 . 2012-03-14 09:05 -------- d-----w- c:\program files (x86)\blekkotb
2012-03-12 19:11 . 2012-03-12 19:11 -------- d-----w- c:\windows\Sun
2012-03-09 18:50 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-03-09 18:50 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-03-08 23:10 . 2012-03-08 23:10 -------- d-----w- C:\Down
2012-03-08 23:10 . 2012-03-14 08:51 -------- d-----w- C:\Perfect World Entertainment
2012-03-08 23:09 . 2012-03-14 09:02 -------- d-----w- C:\Windyzone
2012-03-08 23:07 . 2008-03-06 00:04 489480 ----a-w- c:\windows\system32\XAudio2_0.dll
2012-03-01 21:38 . 2012-03-14 08:54 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 21:38 . 2011-06-26 10:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-10-15 02:21 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-14 22:02 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 22:02 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-14 22:01 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 22:01 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 22:01 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 316416 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\spybot - search & destroy\TeaTimer.exe" [2009-03-06 2260480]
"googletalk"="c:\users\Gil\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-29 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll" [2012-03-12 312832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-04 1038088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Gil\AppData\Local\Temp\005B51C.tmp [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-22 1612392]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1538932294-3402737851-985490036-1000Core.job
- c:\users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 02:48]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1538932294-3402737851-985490036-1000UA.job
- c:\users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 02:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 378368 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 282728]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-07-29 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120312787744C39309C6D7BFB8A44D
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Gil\AppData\Local\Temp\005B51C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
.
**************************************************************************
.
Completion time: 2012-03-16 12:01:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 19:01
.
Pre-Run: 235,115,581,440 bytes free
Post-Run: 234,743,169,024 bytes free
.
- - End Of File - - 9840FAA868FC9A6CD813A09922BB41E4

#4 gringo_pr

  • Malware Response Team

Posted 16 March 2012 - 02:22 PM

Hello

4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**


Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 16 March 2012 - 02:22 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 GTL

  • Topic Starter

Posted 16 March 2012 - 02:47 PM

Sorry I didn't see that note

TDSS

12:30:23.0053 5004 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
12:30:23.0851 5004 ============================================================
12:30:23.0851 5004 Current date / time: 2012/03/16 12:30:23.0851
12:30:23.0851 5004 SystemInfo:
12:30:23.0851 5004
12:30:23.0851 5004 OS Version: 6.1.7601 ServicePack: 1.0
12:30:23.0851 5004 Product type: Workstation
12:30:23.0852 5004 ComputerName: GIL-PC
12:30:23.0852 5004 UserName: Gil
12:30:23.0852 5004 Windows directory: C:\Windows
12:30:23.0852 5004 System windows directory: C:\Windows
12:30:23.0852 5004 Running under WOW64
12:30:23.0852 5004 Processor architecture: Intel x64
12:30:23.0852 5004 Number of processors: 4
12:30:23.0852 5004 Page size: 0x1000
12:30:23.0852 5004 Boot type: Normal boot
12:30:23.0852 5004 ============================================================
12:30:24.0983 5004 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:30:24.0988 5004 \Device\Harddisk0\DR0:
12:30:24.0988 5004 MBR used
12:30:24.0988 5004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5E800, BlocksNum 0x177000
12:30:24.0988 5004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5800, BlocksNum 0x24E57800
12:30:25.0015 5004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x400800
12:30:25.0104 5004 Initialize success
12:30:25.0104 5004 ============================================================
12:30:28.0420 4820 ============================================================
12:30:28.0420 4820 Scan started
12:30:28.0420 4820 Mode: Manual;
12:30:28.0420 4820 ============================================================
12:30:35.0499 4820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:30:35.0501 4820 NdisCap - ok
12:30:35.0540 4820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:30:35.0542 4820 NdisTapi - ok
12:30:35.0584 4820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:30:35.0586 4820 Ndisuio - ok
12:30:35.0625 4820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:30:35.0628 4820 NdisWan - ok
12:30:35.0676 4820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:30:35.0678 4820 NDProxy - ok
12:30:35.0701 4820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:30:35.0703 4820 NetBIOS - ok
12:30:35.0746 4820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:30:35.0751 4820 NetBT - ok
12:30:35.0788 4820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:30:35.0789 4820 nfrd960 - ok
12:30:35.0816 4820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:30:35.0817 4820 Npfs - ok
12:30:35.0856 4820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:30:35.0858 4820 nsiproxy - ok
12:30:35.0929 4820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:30:35.0971 4820 Ntfs - ok
12:30:35.0989 4820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:30:35.0990 4820 Null - ok
12:30:36.0022 4820 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
12:30:36.0025 4820 NVHDA - ok
12:30:36.0278 4820 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:30:36.0507 4820 nvlddmkm - ok
12:30:36.0559 4820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:30:36.0563 4820 nvraid - ok
12:30:36.0601 4820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:30:36.0605 4820 nvstor - ok
12:30:36.0671 4820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:30:36.0675 4820 nv_agp - ok
12:30:36.0729 4820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:30:36.0732 4820 ohci1394 - ok
12:30:36.0808 4820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:30:36.0810 4820 Parport - ok
12:30:36.0874 4820 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:30:36.0877 4820 partmgr - ok
12:30:36.0905 4820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:30:36.0909 4820 pci - ok
12:30:36.0937 4820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:30:36.0939 4820 pciide - ok
12:30:36.0971 4820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:30:36.0975 4820 pcmcia - ok
12:30:36.0998 4820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:30:37.0000 4820 pcw - ok
12:30:37.0031 4820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:30:37.0041 4820 PEAUTH - ok
12:30:37.0113 4820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:30:37.0116 4820 PptpMiniport - ok
12:30:37.0136 4820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:30:37.0139 4820 Processor - ok
12:30:37.0182 4820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:30:37.0185 4820 Psched - ok
12:30:37.0237 4820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:30:37.0281 4820 ql2300 - ok
12:30:37.0301 4820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:30:37.0304 4820 ql40xx - ok
12:30:37.0331 4820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:30:37.0332 4820 QWAVEdrv - ok
12:30:37.0358 4820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:30:37.0359 4820 RasAcd - ok
12:30:37.0392 4820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:30:37.0394 4820 RasAgileVpn - ok
12:30:37.0428 4820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:30:37.0431 4820 Rasl2tp - ok
12:30:37.0466 4820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:30:37.0469 4820 RasPppoe - ok
12:30:37.0495 4820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:30:37.0498 4820 RasSstp - ok
12:30:37.0541 4820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:30:37.0546 4820 rdbss - ok
12:30:37.0569 4820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:30:37.0571 4820 rdpbus - ok
12:30:37.0602 4820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:30:37.0604 4820 RDPCDD - ok
12:30:37.0659 4820 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:30:37.0663 4820 RDPDR - ok
12:30:37.0696 4820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:30:37.0697 4820 RDPENCDD - ok
12:30:37.0714 4820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:30:37.0715 4820 RDPREFMP - ok
12:30:37.0742 4820 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:30:37.0745 4820 RDPWD - ok
12:30:37.0793 4820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:30:37.0797 4820 rdyboost - ok
12:30:37.0873 4820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:30:37.0876 4820 rspndr - ok
12:30:37.0910 4820 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:30:37.0912 4820 s3cap - ok
12:30:37.0950 4820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:30:37.0953 4820 sbp2port - ok
12:30:37.0978 4820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:30:37.0980 4820 scfilter - ok
12:30:38.0034 4820 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:30:38.0037 4820 sdbus - ok
12:30:38.0066 4820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:30:38.0067 4820 secdrv - ok
12:30:38.0096 4820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:30:38.0098 4820 Serenum - ok
12:30:38.0141 4820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:30:38.0144 4820 Serial - ok
12:30:38.0180 4820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:30:38.0182 4820 sermouse - ok
12:30:38.0227 4820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:30:38.0228 4820 sffdisk - ok
12:30:38.0247 4820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:30:38.0249 4820 sffp_mmc - ok
12:30:38.0268 4820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:30:38.0270 4820 sffp_sd - ok
12:30:38.0291 4820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:30:38.0293 4820 sfloppy - ok
12:30:38.0323 4820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:30:38.0325 4820 SiSRaid2 - ok
12:30:38.0353 4820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:30:38.0355 4820 SiSRaid4 - ok
12:30:38.0379 4820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:30:38.0381 4820 Smb - ok
12:30:38.0416 4820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:30:38.0418 4820 spldr - ok
12:30:38.0470 4820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:30:38.0475 4820 srv - ok
12:30:38.0501 4820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:30:38.0506 4820 srv2 - ok
12:30:38.0529 4820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:30:38.0532 4820 srvnet - ok
12:30:38.0588 4820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:30:38.0589 4820 stexstor - ok
12:30:38.0628 4820 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:30:38.0630 4820 storflt - ok
12:30:38.0654 4820 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:30:38.0656 4820 storvsc - ok
12:30:38.0690 4820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:30:38.0691 4820 swenum - ok
12:30:38.0738 4820 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
12:30:38.0740 4820 tap0901 - ok
12:30:38.0828 4820 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:30:38.0879 4820 Tcpip - ok
12:30:38.0920 4820 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:30:38.0929 4820 TCPIP6 - ok
12:30:38.0990 4820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:30:38.0992 4820 tcpipreg - ok
12:30:39.0035 4820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:30:39.0037 4820 TDPIPE - ok
12:30:39.0112 4820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:30:39.0114 4820 TDTCP - ok
12:30:39.0172 4820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:30:39.0175 4820 tdx - ok
12:30:39.0216 4820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:30:39.0218 4820 TermDD - ok
12:30:39.0312 4820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:30:39.0315 4820 tssecsrv - ok
12:30:39.0389 4820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:30:39.0391 4820 TsUsbFlt - ok
12:30:39.0473 4820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:30:39.0475 4820 tunnel - ok
12:30:39.0508 4820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:30:39.0510 4820 uagp35 - ok
12:30:39.0551 4820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:30:39.0557 4820 udfs - ok
12:30:39.0590 4820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:30:39.0592 4820 uliagpkx - ok
12:30:39.0631 4820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:30:39.0632 4820 umbus - ok
12:30:39.0655 4820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:30:39.0656 4820 UmPass - ok
12:30:39.0708 4820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:30:39.0710 4820 usbccgp - ok
12:30:39.0742 4820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:30:39.0744 4820 usbcir - ok
12:30:39.0784 4820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:30:39.0808 4820 usbehci - ok
12:30:39.0847 4820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:30:39.0851 4820 usbhub - ok
12:30:39.0884 4820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:30:39.0886 4820 usbohci - ok
12:30:39.0904 4820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:30:39.0906 4820 usbprint - ok
12:30:39.0940 4820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:30:39.0943 4820 USBSTOR - ok
12:30:39.0965 4820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:30:39.0966 4820 usbuhci - ok
12:30:39.0999 4820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:30:40.0000 4820 vdrvroot - ok
12:30:40.0027 4820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:30:40.0028 4820 vga - ok
12:30:40.0053 4820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:30:40.0054 4820 VgaSave - ok
12:30:40.0079 4820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:30:40.0082 4820 vhdmp - ok
12:30:40.0120 4820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:30:40.0122 4820 viaide - ok
12:30:40.0147 4820 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:30:40.0150 4820 vmbus - ok
12:30:40.0176 4820 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:30:40.0177 4820 VMBusHID - ok
12:30:40.0190 4820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:30:40.0197 4820 volmgr - ok
12:30:40.0234 4820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:30:40.0238 4820 volmgrx - ok
12:30:40.0273 4820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:30:40.0276 4820 volsnap - ok
12:30:40.0299 4820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:30:40.0302 4820 vsmraid - ok
12:30:40.0329 4820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:30:40.0330 4820 vwifibus - ok
12:30:40.0362 4820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:30:40.0364 4820 vwififlt - ok
12:30:40.0386 4820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:30:40.0388 4820 WacomPen - ok
12:30:40.0413 4820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:30:40.0415 4820 WANARP - ok
12:30:40.0419 4820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:30:40.0421 4820 Wanarpv6 - ok
12:30:40.0465 4820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:30:40.0466 4820 Wd - ok
12:30:40.0498 4820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:30:40.0506 4820 Wdf01000 - ok
12:30:40.0547 4820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:30:40.0548 4820 WfpLwf - ok
12:30:40.0568 4820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:30:40.0577 4820 WIMMount - ok
12:30:40.0634 4820 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.sys
12:30:40.0635 4820 WinUsb - ok
12:30:40.0675 4820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:30:40.0675 4820 WmiAcpi - ok
12:30:40.0713 4820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:30:40.0714 4820 ws2ifsl - ok
12:30:40.0759 4820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:30:40.0761 4820 WudfPf - ok
12:30:40.0784 4820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:30:40.0787 4820 WUDFRd - ok
12:30:40.0864 4820 X6va005 - ok
12:30:40.0924 4820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:30:40.0985 4820 \Device\Harddisk0\DR0 - ok
12:30:40.0991 4820 Boot (0x1200) (0faa148d5d967d7c67122ce04d3ee2df) \Device\Harddisk0\DR0\Partition0
12:30:40.0992 4820 \Device\Harddisk0\DR0\Partition0 - ok
12:30:41.0008 4820 Boot (0x1200) (17e4cf1463fff69e664ea809b6608e35) \Device\Harddisk0\DR0\Partition1
12:30:41.0010 4820 \Device\Harddisk0\DR0\Partition1 - ok
12:30:41.0045 4820 Boot (0x1200) (847974cd5e40097f66add67438aa805f) \Device\Harddisk0\DR0\Partition2
12:30:41.0046 4820 \Device\Harddisk0\DR0\Partition2 - ok
12:30:41.0046 4820 ============================================================
12:30:41.0046 4820 Scan finished
12:30:41.0046 4820 ============================================================
12:30:41.0058 3500 Detected object count: 0
12:30:41.0058 3500 Actual detected object count: 0

aswMBR, not sure if this ran, I left it alone for a while.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-16 12:38:10
-----------------------------
12:38:10.729 OS Version: Windows x64 6.1.7601 Service Pack 1
12:38:10.730 Number of processors: 4 586 0x2505
12:38:10.731 ComputerName: GIL-PC UserName: Gil
12:38:12.784 Initialize success
12:44:49.388 AVAST engine defs: 12031600
12:45:46.688 The log file has been saved successfully to "C:\Users\Gil\Desktop\aswMBR.txt"

#6 GTL

Posted 16 March 2012 - 03:38 PM

I just tried a search and unfortunately I got redirected again.

#7 gringo_pr

  • Malware Response Team

Posted 16 March 2012 - 04:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Folder::
c:\users\Gil\AppData\Local\blekkotb
c:\program files (x86)\blekkotb

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 GTL

Posted 16 March 2012 - 05:17 PM

Still has redirects, though I am being redirected to different sites than before. (Before: Ask the Crew, Happli; Now: Compare Prices). Not sure if that has any significance.

ComboFix Log after the script:

ComboFix 12-03-16.03 - Gil 03/16/2012 14:58:09.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1252 [GMT -7:00]
Running from: c:\users\Gil\Desktop\ComboFix.exe
Command switches used :: c:\users\Gil\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\blekkotb
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\power-couponcamp.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\poweredby-couponwinner.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left_old.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl_old.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right_old.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\unchecked.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageContent.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageList.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\bg_header.jpg
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\btn-close-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\mail.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\msg-btn.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageContent.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageList.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts\messageList.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\.cvsignore
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\login.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.js
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml
c:\program files (x86)\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt
c:\program files (x86)\blekkotb\chrome\data\search\engines.xml
c:\program files (x86)\blekkotb\chrome\data\search\search.xsl
c:\program files (x86)\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluelite.png
c:\program files (x86)\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluesky.png
c:\program files (x86)\blekkotb\chrome\skin\blekko16.png
c:\program files (x86)\blekkotb\chrome\skin\blogger.png
c:\program files (x86)\blekkotb\chrome\skin\bluelite.gif
c:\program files (x86)\blekkotb\chrome\skin\bluesky.gif
c:\program files (x86)\blekkotb\chrome\skin\btn-search-over.png
c:\program files (x86)\blekkotb\chrome\skin\btn-search.png
c:\program files (x86)\blekkotb\chrome\skin\btn-settings-over.png
c:\program files (x86)\blekkotb\chrome\skin\btn-settings.png
c:\program files (x86)\blekkotb\chrome\skin\btn-widgets-over.png
c:\program files (x86)\blekkotb\chrome\skin\btn-widgets.png
c:\program files (x86)\blekkotb\chrome\skin\coupons-hover.png
c:\program files (x86)\blekkotb\chrome\skin\coupons.png
c:\program files (x86)\blekkotb\chrome\skin\custom.css
c:\program files (x86)\blekkotb\chrome\skin\dictionary.png
c:\program files (x86)\blekkotb\chrome\skin\downloadcom.png
c:\program files (x86)\blekkotb\chrome\skin\dtxlogo.png
c:\program files (x86)\blekkotb\chrome\skin\facebook-blekko-hover.png
c:\program files (x86)\blekkotb\chrome\skin\facebook-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\facebook-hover.png
c:\program files (x86)\blekkotb\chrome\skin\facebook.png
c:\program files (x86)\blekkotb\chrome\skin\fb.png
c:\program files (x86)\blekkotb\chrome\skin\games.png
c:\program files (x86)\blekkotb\chrome\skin\google.png
c:\program files (x86)\blekkotb\chrome\skin\graphna.png
c:\program files (x86)\blekkotb\chrome\skin\graphred0.png
c:\program files (x86)\blekkotb\chrome\skin\graphred0_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred1.png
c:\program files (x86)\blekkotb\chrome\skin\graphred1_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred2.png
c:\program files (x86)\blekkotb\chrome\skin\graphred2_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred3.png
c:\program files (x86)\blekkotb\chrome\skin\graphred3_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred4.png
c:\program files (x86)\blekkotb\chrome\skin\graphred4_5.png
c:\program files (x86)\blekkotb\chrome\skin\graphred5.png
c:\program files (x86)\blekkotb\chrome\skin\graphredna.png
c:\program files (x86)\blekkotb\chrome\skin\grey.gif
c:\program files (x86)\blekkotb\chrome\skin\hulu.png
c:\program files (x86)\blekkotb\chrome\skin\ico-digg.png
c:\program files (x86)\blekkotb\chrome\skin\ico-shield.png
c:\program files (x86)\blekkotb\chrome\skin\icon_blekko.png
c:\program files (x86)\blekkotb\chrome\skin\images.png
c:\program files (x86)\blekkotb\chrome\skin\lib\add.png
c:\program files (x86)\blekkotb\chrome\skin\lib\aol.png
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\blekkotb\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\blekkotb\chrome\skin\lib\blank.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\checkmark.png
c:\program files (x86)\blekkotb\chrome\skin\lib\chevron.png
c:\program files (x86)\blekkotb\chrome\skin\lib\collapse.png
c:\program files (x86)\blekkotb\chrome\skin\lib\dtx.css
c:\program files (x86)\blekkotb\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\blekkotb\chrome\skin\lib\edit-back.png
c:\program files (x86)\blekkotb\chrome\skin\lib\expand.png
c:\program files (x86)\blekkotb\chrome\skin\lib\found.png
c:\program files (x86)\blekkotb\chrome\skin\lib\gmail.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\blekkotb\chrome\skin\lib\hotmail.png
c:\program files (x86)\blekkotb\chrome\skin\lib\imap.png
c:\program files (x86)\blekkotb\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\lock.png
c:\program files (x86)\blekkotb\chrome\skin\lib\mailcom.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\blekkotb\chrome\skin\lib\modify.png
c:\program files (x86)\blekkotb\chrome\skin\lib\move.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\movetarget.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 22:04 . 2012-03-16 22:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-16 22:04 . 2012-03-16 22:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 21:55 . 2012-03-15 21:55 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-15 21:55 . 2012-03-15 21:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-15 21:55 . 2012-03-15 21:55 -------- d-----w- c:\program files (x86)\Java
2012-03-15 08:41 . 2012-03-15 08:41 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-15 07:28 . 2012-03-15 07:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 23:12 . 2012-03-14 23:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 22:24 . 2012-03-14 22:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-03-14 21:59 . 2012-03-14 21:59 -------- d-----w- c:\program files\HitmanPro
2012-03-14 21:59 . 2012-03-14 22:24 -------- d-----w- c:\programdata\HitmanPro
2012-03-14 10:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:59 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 09:59 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:59 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 09:51 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF1622A2-A493-4753-84F2-2DA4F9F63506}\mpengine.dll
2012-03-14 09:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 09:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 09:49 . 2012-03-14 10:00 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-14 09:46 . 2012-03-14 09:46 -------- d-----w- c:\program files\CCleaner
2012-03-13 06:02 . 2012-03-13 06:02 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-13 05:59 . 2012-03-13 05:59 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-13 05:59 . 2012-03-13 05:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-03-13 03:15 . 2012-03-13 03:22 -------- d-----w- c:\users\Gil\AppData\Roaming\AVG
2012-03-13 00:20 . 2012-03-13 00:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-13 00:20 . 2012-03-14 09:05 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-13 00:20 . 2012-03-14 09:05 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-03-13 00:20 . 2012-03-13 00:20 -------- d--h--w- c:\programdata\Common Files
2012-03-13 00:19 . 2012-03-16 16:38 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-13 00:19 . 2012-03-14 09:58 -------- d-----w- c:\programdata\AVG2012
2012-03-13 00:18 . 2012-03-14 08:51 -------- d-----w- c:\program files (x86)\AVG
2012-03-13 00:03 . 2012-03-16 16:38 -------- d-----w- c:\programdata\MFAData
2012-03-12 23:52 . 2012-03-13 00:03 -------- d-----w- c:\program files (x86)\1-Click PC Fix v4
2012-03-12 23:52 . 2012-03-16 19:28 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-12 19:11 . 2012-03-12 19:11 -------- d-----w- c:\windows\Sun
2012-03-09 18:50 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-03-09 18:50 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-03-08 23:10 . 2012-03-08 23:10 -------- d-----w- C:\Down
2012-03-08 23:10 . 2012-03-14 08:51 -------- d-----w- C:\Perfect World Entertainment
2012-03-08 23:09 . 2012-03-14 09:02 -------- d-----w- C:\Windyzone
2012-03-08 23:07 . 2008-03-06 00:04 489480 ----a-w- c:\windows\system32\XAudio2_0.dll
2012-03-01 21:38 . 2012-03-14 08:54 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 21:38 . 2011-06-26 10:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2010-10-15 02:21 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 10:44 . 2012-02-14 22:02 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 22:02 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-14 22:01 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 22:01 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 22:01 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-16_18.55.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-15 01:57 . 2012-03-16 19:30 37628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-16 19:30 32620 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-15 01:41 . 2012-03-16 19:30 13242 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1538932294-3402737851-985490036-1000_UserData.bin
+ 2010-10-15 01:26 . 2012-03-16 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-15 01:26 . 2012-03-16 18:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 01:26 . 2012-03-16 22:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 01:26 . 2012-03-16 18:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-16 22:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-16 18:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 01:57 . 2012-03-16 19:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-15 01:57 . 2012-03-15 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 01:57 . 2012-03-16 19:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 01:57 . 2012-03-15 21:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 01:57 . 2012-03-15 21:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 01:57 . 2012-03-16 19:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 01:57 . 2012-03-16 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-15 01:57 . 2012-03-16 18:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 01:57 . 2012-03-16 21:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-15 01:57 . 2012-03-16 18:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-16 18:55 . 2012-03-16 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-16 22:05 . 2012-03-16 22:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-16 18:55 . 2012-03-16 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-16 22:05 . 2012-03-16 22:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-15 05:53 627354 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-16 19:10 627354 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-16 19:10 107638 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-15 05:53 107638 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-03-16 19:34 104384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-03-16 18:54 466004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-16 22:05 466004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-03-16 18:59 7378862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-03-14 10:12 7378862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 316416 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\spybot - search & destroy\TeaTimer.exe" [2009-03-06 2260480]
"googletalk"="c:\users\Gil\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-29 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll" [2012-03-12 312832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-04 1038088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Gil\AppData\Local\Temp\005B51C.tmp [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-22 1612392]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1538932294-3402737851-985490036-1000Core.job
- c:\users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 02:48]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1538932294-3402737851-985490036-1000UA.job
- c:\users\Gil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-15 02:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 378368 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1875048]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-09 282728]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-07-29 98304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120312787744C39309C6D7BFB8A44D
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files (x86)\blekkotb\auxi\blekkoAu.dll
BHO-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files (x86)\blekkotb\blekkoDx.dll
Toolbar-{26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files (x86)\blekkotb\blekkoDx.dll
AddRemove-blekkotb - c:\program files (x86)\blekkotb\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Gil\AppData\Local\Temp\005B51C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
.
**************************************************************************
.
Completion time: 2012-03-16 15:11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 22:11
ComboFix2.txt 2012-03-16 19:01
.
Pre-Run: 234,474,323,968 bytes free
Post-Run: 234,426,089,472 bytes free
.
- - End Of File - - 4F00F2C78B119604A00C37DFF30373F1

#9 gringo_pr

  • Malware Response Team

Posted 17 March 2012 - 12:01 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 GTL

  • Topic Starter

Posted 17 March 2012 - 01:42 AM

OTL logfile created on: 3/16/2012 11:28:34 PM - Run 1
OTL by OldTimer - Version 3.2.38.0 Folder = C:\Users\Gil\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.08% Memory free
3.98 Gb Paging File | 2.60 Gb Available in Paging File | 65.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 295.17 Gb Total Space | 217.94 Gb Free Space | 73.84% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.90 Gb Free Space | 95.27% Space Free | Partition Type: FAT32

Computer Name: GIL-PC | User Name: Gil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Users\Gil\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=20120312787744C39309C6D7BFB8A44D
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A EB 93 1F AA FC CC 01 [binary data]
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\..\SearchScopes,DefaultScope = {E7E7C5B4-88DA-4519-9D2F-AF02FF9B7347}
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120312787744C39309C6D7BFB8A44D&q={searchTerms}
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\..\SearchScopes\{E7E7C5B4-88DA-4519-9D2F-AF02FF9B7347}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gil\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gil\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/03/14 02:59:07 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gil\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gil\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gil\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gil\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Gil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gil\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/16 15:06:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll File not found
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll (eMajix.com, Inc.)
O4 - HKU\S-1-5-18..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll (eMajix.com, Inc.)
O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1000..\Run: [googletalk] C:\Users\Gil\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1000..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1003..\Run: [Update] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\Microsoft\Microsoft\klzgc.dll (eMajix.com, Inc.)
O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538932294-3402737851-985490036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1538932294-3402737851-985490036-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{912CCE47-15D8-4F17-BCFB-75629AA58C94}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 23:27:21 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Gil\Desktop\OTL.exe
[2012/03/16 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\Gil\Desktop\BleepComp fix module
[2012/03/16 15:14:17 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Local\blekkotb
[2012/03/16 15:11:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/16 15:06:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/16 14:57:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/16 12:31:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Gil\Desktop\aswMBR.exe
[2012/03/16 11:47:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/16 11:47:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/16 11:47:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/16 11:47:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/16 11:47:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/16 11:45:49 | 004,438,270 | R--- | C] (Swearware) -- C:\Users\Gil\Desktop\ComboFix.exe
[2012/03/15 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\Gil\Desktop\gmer
[2012/03/15 15:27:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Gil\Desktop\dds.scr
[2012/03/15 14:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/15 14:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/15 14:55:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/15 14:55:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/15 14:55:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/15 14:55:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/15 14:55:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/15 01:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/15 00:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/14 17:18:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/14 16:12:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/14 15:24:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/03/14 14:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/14 14:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/14 11:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/03/14 03:03:35 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 03:03:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 03:03:32 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 03:03:27 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\AVG2012
[2012/03/14 03:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/14 02:59:45 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 02:50:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 02:50:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 02:50:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 02:50:08 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 02:50:08 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 02:49:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/03/14 02:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/13 00:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/12 23:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/03/12 22:59:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/03/12 20:15:48 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\AVG
[2012/03/12 20:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/03/12 17:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/03/12 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/03/12 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/03/12 17:20:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/12 17:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/12 17:19:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/03/12 17:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/12 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/12 16:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1-Click PC Fix v4
[2012/03/12 16:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/03/12 12:11:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/12 04:07:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/09 11:50:27 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/03/09 11:50:26 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/03/09 11:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/03/09 05:19:27 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Mozilla
[2012/03/08 16:10:33 | 000,000,000 | ---D | C] -- C:\Down
[2012/03/08 16:10:09 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/03/08 16:09:55 | 000,000,000 | ---D | C] -- C:\Windyzone
[2012/03/08 16:08:17 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/03/08 16:08:17 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/03/08 16:08:17 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/03/08 16:08:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/03/08 16:08:16 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/03/08 16:08:16 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/03/08 16:08:15 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/03/08 16:08:15 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/03/08 16:08:15 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/03/08 16:08:15 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/03/08 16:08:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/03/08 16:08:15 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/03/08 16:08:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/03/08 16:08:14 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/03/08 16:08:13 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/03/08 16:08:13 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/03/08 16:08:13 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/03/08 16:08:13 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/03/08 16:08:13 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/03/08 16:08:13 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/03/08 16:08:13 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/03/08 16:08:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/03/08 16:08:12 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/03/08 16:08:12 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/03/08 16:08:12 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/03/08 16:08:12 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/03/08 16:08:12 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/03/08 16:08:12 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/03/08 16:08:10 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/03/08 16:08:10 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/03/08 16:08:10 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/03/08 16:08:10 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/03/08 16:08:10 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/03/08 16:08:10 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/03/08 16:08:09 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/03/08 16:08:09 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/03/08 16:08:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/03/08 16:08:09 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012/03/08 16:08:09 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/03/08 16:08:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012/03/08 16:08:08 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/03/08 16:08:08 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/03/08 16:08:07 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/03/08 16:08:07 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/03/08 16:08:07 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/03/08 16:08:07 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/03/08 16:08:07 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/03/08 16:08:07 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/03/08 16:08:07 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/03/08 16:08:07 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/03/08 16:08:06 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/03/08 16:08:06 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/03/08 16:08:06 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/03/08 16:08:06 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/03/08 16:08:05 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/03/08 16:08:05 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/03/08 16:08:05 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/03/08 16:08:05 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/03/08 16:08:05 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/03/08 16:08:05 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/03/08 16:08:05 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/03/08 16:08:05 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/03/08 16:08:05 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/03/08 16:08:05 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/03/08 16:08:04 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/03/08 16:08:04 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/03/08 16:08:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/03/08 16:08:04 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/03/08 16:08:04 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/03/08 16:08:04 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/03/08 16:08:03 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/03/08 16:08:03 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/03/08 16:08:03 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/03/08 16:08:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/03/08 16:08:02 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/03/08 16:08:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/03/08 16:08:02 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/03/08 16:08:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/03/08 16:08:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/03/08 16:08:02 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/03/08 16:08:02 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/03/08 16:08:02 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/03/08 16:08:02 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/03/08 16:08:02 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/03/08 16:08:01 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/03/08 16:08:01 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/03/08 16:08:01 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/03/08 16:08:01 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/03/08 16:08:00 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/03/08 16:08:00 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/03/08 16:07:59 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/03/08 16:07:59 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/03/08 16:07:59 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/03/08 16:07:59 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/03/08 16:07:59 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/03/08 16:07:59 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/03/08 16:07:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/03/08 16:07:59 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/03/08 16:07:59 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/03/08 16:07:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/03/08 16:07:57 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/03/08 16:07:57 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/03/08 16:07:57 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/03/08 16:07:57 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/03/08 16:07:56 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/03/08 16:07:56 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/03/08 16:07:56 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/03/08 16:07:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/03/08 16:07:55 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/03/08 16:07:55 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/03/08 16:07:54 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/03/08 16:07:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/03/08 16:07:54 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/03/08 16:07:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/03/08 16:07:54 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/03/08 16:07:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/03/08 16:07:53 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/03/08 16:07:53 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/03/08 16:07:52 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/03/08 16:07:52 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/03/08 16:07:52 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/03/08 16:07:52 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/03/08 16:07:51 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/03/08 16:07:51 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/03/08 16:07:51 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/03/08 16:07:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/03/08 16:07:50 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/03/08 16:07:50 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/03/08 16:07:49 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/03/08 16:07:49 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/03/08 16:07:48 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/03/08 16:07:48 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/03/08 16:07:48 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/03/08 16:07:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/03/08 16:07:48 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/03/08 16:07:48 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/03/08 16:07:47 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/03/08 16:07:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/03/08 16:07:46 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/03/08 16:07:46 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/03/08 16:07:46 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/03/08 16:07:46 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/03/08 16:07:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/03/08 16:07:46 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/03/08 16:07:45 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/03/08 16:07:45 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/03/08 16:07:44 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/03/08 16:07:44 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/03/08 16:07:44 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/03/08 16:07:44 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/03/08 16:07:44 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/03/08 16:07:44 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/03/08 16:07:43 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/03/08 16:07:43 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/03/08 16:07:43 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/03/08 16:07:43 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/03/08 16:07:41 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/03/08 16:07:41 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/03/08 16:07:41 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/03/08 16:07:41 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/03/08 16:07:40 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/03/08 16:07:40 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/03/08 16:07:36 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/03/08 16:07:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/03/08 16:07:35 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/03/08 16:07:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/03/08 16:07:35 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/03/08 16:07:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/03/08 16:07:34 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/03/08 16:07:34 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/03/08 16:07:34 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/03/08 16:07:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/03/08 16:07:33 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/03/08 16:07:33 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/03/08 16:07:32 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/03/08 16:07:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/03/08 16:07:31 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/03/08 16:07:31 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/03/08 16:07:30 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/03/08 16:07:30 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/03/01 14:38:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2012/03/16 23:27:13 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Gil\Desktop\OTL.exe
[2012/03/16 23:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1538932294-3402737851-985490036-1000UA.job
[2012/03/16 18:51:05 | 092,030,579 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/16 15:21:11 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 15:21:11 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 15:19:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1538932294-3402737851-985490036-1000Core.job
[2012/03/16 15:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/16 15:13:41 | 1602,613,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/16 15:06:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/16 12:32:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Gil\Desktop\aswMBR.exe
[2012/03/16 12:10:27 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/16 12:10:27 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/16 12:10:27 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/16 11:55:17 | 003,024,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/16 11:46:21 | 004,438,270 | R--- | M] (Swearware) -- C:\Users\Gil\Desktop\ComboFix.exe
[2012/03/15 17:35:18 | 000,032,428 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/15 15:35:09 | 000,294,216 | ---- | M] () -- C:\Users\Gil\Desktop\gmer.zip
[2012/03/15 15:31:47 | 000,003,871 | ---- | M] () -- C:\Users\Gil\Desktop\Attach.zip
[2012/03/15 15:28:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gil\Desktop\dds.scr
[2012/03/15 14:55:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/15 14:55:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/15 14:55:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/15 14:55:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/14 15:24:30 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/03/14 11:27:27 | 000,001,166 | ---- | M] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/03/14 03:00:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/03/14 02:49:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/03/12 16:59:05 | 000,000,897 | ---- | M] () -- C:\Windows\IntIgn0xF28456.dat
[2012/03/12 16:41:09 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/12 15:25:35 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/12 12:30:27 | 000,002,385 | ---- | M] () -- C:\Users\Gil\Desktop\Google Chrome.lnk
[2012/03/09 11:50:33 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\RustyHearts.lnk
[2012/03/01 14:38:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/16 23:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/16 22:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

========== Files Created - No Company Name ==========

[2012/03/16 18:51:05 | 092,030,579 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/16 11:47:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/16 11:47:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/16 11:47:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/16 11:47:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/16 11:47:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/15 17:35:17 | 000,032,428 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/15 15:34:35 | 000,294,216 | ---- | C] () -- C:\Users\Gil\Desktop\gmer.zip
[2012/03/15 15:31:47 | 000,003,871 | ---- | C] () -- C:\Users\Gil\Desktop\Attach.zip
[2012/03/14 11:27:27 | 000,001,166 | ---- | C] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/03/14 03:00:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/03/14 02:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/03/12 16:59:05 | 000,000,897 | ---- | C] () -- C:\Windows\IntIgn0xF28456.dat
[2012/03/12 16:41:09 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/12 15:25:35 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/09 11:50:33 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\RustyHearts.lnk
[2010/10/14 18:29:08 | 000,007,605 | ---- | C] () -- C:\Users\Gil\AppData\Local\Resmon.ResmonCfg

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:04 AM

Posted 17 March 2012 - 05:00 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll File not found
    O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll File not found
    O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll File not found
    O4 - HKU\S-1-5-21-1538932294-3402737851-985490036-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4   
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 GTL

Posted 17 March 2012 - 12:01 PM

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{26c9e18c-3717-4be1-a225-04e4471f5b6e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ not found.
Registry value HKEY_USERS\S-1-5-21-1538932294-3402737851-985490036-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gil\Desktop\cmd.bat deleted successfully.
C:\Users\Gil\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gil
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gil
->Flash cache emptied: 4297 bytes

This, however, didn't work. I did a search and it redirected me to a yellowpages page.

#13 gringo_pr

Posted 17 March 2012 - 03:00 PM

Hello


Does this happen to all browsers or does it only happen on one?


gringo

#14 GTL

Posted 17 March 2012 - 03:35 PM

As far as I know, yes. But I usually use Chrome and that's where the problem exists.

#15 gringo_pr

Posted 17 March 2012 - 03:41 PM

Can you test it for me, because that would tell us what we do next.


gringo