Multiple systems crashes, BlueScreenofDeath, unauthorized program/toolbar downloads AND more...H E L P !


  • This topic is locked
30 replies to this topic

#1 phulltillt

phulltillt

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Southern California, USA
  • Local time:05:54 PM

Posted 28 May 2012 - 12:01 AM

In mid-April this computer unexpectedly crashed, would not allow access to the D:\ system and I did a clean OS install. Since then every computer (and ROKU player) attached to my Verizon Westell VersaLink model 326w has crashed and only a clean install would breathe life into them. The hardest hit was my old reliable DELL Dimension 4300, one by one, everything but the still working floppy drive and the C:\ drive which is inaccessible. CD and DVD drives spin up and lights blink as does the hard drive.

Once again this computer is showing symptoms and today had two BlueScreenofDeath restarts. After restoring 5 computers in as many weeks my brain feels like a steaming puddle of brown stuff. Not to sound paranoid but this feels as if it's a personal attack. This and all other computers ran slow and had many Internet Explorer (Not Responding) troubles, files named "blekko" and the unwanted "Search.com" toolbar installed without asking.

Thank You in advance for your much appreciated help...

Judie


909090...J



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by David Higginbotham at 18:12:05 on 2012-05-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.426 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David Higginbotham\Local Settings\Temporary Internet Files\Content.IE5\BO3GP4VJ\Defogger[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"
mRun: [WLM] "c:\program files\trend micro\titanium\plugin\tmas\tmas_wlm\TMAS_WLMMon.exe"
StartupFolder: c:\docume~1\davidh~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{22A9790C-3E9F-4C31-8E97-FB7766F4D9F9} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-5-20 68368]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-5-20 200632]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-11-10 345336]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-17 38912]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-22 40776]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [2012-4-20 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [2012-4-20 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2012-4-20 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-6-17 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
.
=============== Created Last 30 ================
.
2012-05-27 22:09:00 84752 ----a-w- c:\windows\system32\drivers\tmeext.sys
2012-05-27 22:08:59 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-26 00:26:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-26 00:26:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-26 00:26:12 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-26 00:26:12 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-25 06:55:03 -------- d-----w- c:\program files\PurePlay
2012-05-24 04:35:02 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:32:29 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-22 11:13:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-22 11:11:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 21:28:47 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Sun
2012-05-21 02:18:48 -------- d-----w- c:\program files\Oracle
2012-05-21 02:18:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-21 02:18:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-21 02:18:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-20 13:03:21 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-20 13:03:17 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-20 13:03:17 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-20 13:03:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-19 10:09:09 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-19 10:08:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-19 10:08:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-19 10:08:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-19 10:08:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-19 10:08:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-19 10:08:39 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-19 10:08:38 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-19 10:08:38 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-19 10:08:35 -------- d-----w- C:\4203e670695b65b7867d89
2012-05-19 10:01:10 -------- d-----w- C:\98c51fe54d96a39d6b
2012-05-19 10:00:36 -------- d-----w- C:\86dd3b853a00526e1e3fe4163712b4
2012-05-17 23:11:28 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-17 23:11:21 -------- d-----w- c:\documents and settings\david higginbotham\application data\searchcom_001
2012-05-17 23:11:19 -------- d-----w- c:\program files\searchcom_001
2012-05-17 23:11:18 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\searchcom_001
2012-05-17 23:11:07 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-05-17 23:11:02 -------- d-----w- c:\program files\Yontoo
2012-05-17 23:10:59 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-05-16 23:03:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-16 23:03:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 03:40:37 -------- d-----w- c:\documents and settings\david higginbotham\application data\Malwarebytes
2012-05-16 03:39:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-16 03:39:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 03:15:10 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc4CF.tmp
2012-05-14 23:28:45 -------- d-----w- c:\documents and settings\all users\application data\PurePlay
2012-05-14 16:13:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 16:13:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 15:29:40 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Adobe
2012-05-14 10:47:23 -------- d-----w- c:\windows\ServicePackFiles
2012-05-14 03:24:40 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-14 03:24:40 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-14 03:21:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-14 03:17:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-05-14 02:53:58 -------- d-----w- c:\program files\Launch Manager
2012-05-09 19:10:21 -------- d-----w- c:\program files\Dell
2012-05-05 06:23:12 -------- d-----w- c:\windows\pss
2012-05-04 16:05:56 -------- d-----w- c:\program files\Conduit
2012-05-04 16:05:54 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Conduit_Apps
2012-05-04 16:05:52 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Conduit
2012-05-02 17:21:51 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc10.tmp
2012-04-29 11:39:45 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Identities
2012-04-28 18:47:50 -------- d-----w- c:\program files\Belarc
2012-04-28 17:45:59 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Microsoft Corporation
2012-04-28 17:44:34 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-28 16:24:07 -------- d-----w- c:\program files\Hijack This
2012-04-28 07:49:36 -------- d-----w- c:\documents and settings\david higginbotham\application data\WildTangent
.
==================== Find3M ====================
.
2012-05-20 13:01:57 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-20 15:03:59 2942 ----a-w- c:\windows\CLEANUP.CMD
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k(2)(2).sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust(2).dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust(2)(2).dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp(2).dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp(2)(2).dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 18:14:26.35 ===============



"Observed knowledge is lost if it isn't shared!"



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:54 AM

Posted 30 May 2012 - 03:06 PM

Hello and welcome to BleepingComputer! :)



I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.


As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.



Please generate another DDS log (download it from here if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.



Thank you very much for your patience.




Regards,

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
Can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 phulltillt

phulltillt
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Southern California, USA
  • Local time:05:54 PM

Posted 30 May 2012 - 09:23 PM

Hi Elle...thanks for responding!

I had two blue screens today and found my Lexar memory stick was pushed in...took it out and computer started right up. It's out now and here are the scans you requested.

Judie :busy: 909090...J

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by David Higginbotham at 17:53:46 on 2012-05-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.432 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OE] "c:\program files\trend micro\titanium\plugin\tmas\tmas_oe\TMAS_OEMon.exe"
mRun: [WLM] "c:\program files\trend micro\titanium\plugin\tmas\tmas_wlm\TMAS_WLMMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\davidh~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{22A9790C-3E9F-4C31-8E97-FB7766F4D9F9} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-5-20 68368]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-5-20 200632]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-11-10 345336]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-17 38912]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-17 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-22 40776]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [2012-4-20 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [2012-4-20 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2012-4-20 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-6-17 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
.
=============== Created Last 30 ================
.
2012-05-28 15:39:23 84752 ----a-w- c:\windows\system32\drivers\tmeext.sys
2012-05-28 15:39:20 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-28 03:52:51 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Windows Live Writer
2012-05-28 03:52:51 -------- d-----w- c:\documents and settings\david higginbotham\application data\Windows Live Writer
2012-05-26 00:26:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-26 00:26:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-26 00:26:12 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-26 00:26:12 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-25 06:55:03 -------- d-----w- c:\program files\PurePlay
2012-05-24 04:35:02 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:32:29 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-22 11:13:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-22 11:11:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 21:28:47 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Sun
2012-05-21 02:18:48 -------- d-----w- c:\program files\Oracle
2012-05-21 02:18:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-21 02:18:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-21 02:18:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-20 13:03:21 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-20 13:03:17 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-20 13:03:17 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-20 13:03:17 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-19 10:09:09 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-19 10:08:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-19 10:08:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-19 10:08:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-19 10:08:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-19 10:08:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-19 10:08:39 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-19 10:08:38 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-19 10:08:38 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-19 10:08:35 -------- d-----w- C:\4203e670695b65b7867d89
2012-05-19 10:01:10 -------- d-----w- C:\98c51fe54d96a39d6b
2012-05-19 10:00:36 -------- d-----w- C:\86dd3b853a00526e1e3fe4163712b4
2012-05-17 23:11:28 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-05-17 23:11:21 -------- d-----w- c:\documents and settings\david higginbotham\application data\searchcom_001
2012-05-17 23:11:19 -------- d-----w- c:\program files\searchcom_001
2012-05-17 23:11:18 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\searchcom_001
2012-05-17 23:11:07 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-05-17 23:11:02 -------- d-----w- c:\program files\Yontoo
2012-05-17 23:10:59 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-05-16 23:03:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-05-16 23:03:01 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 03:40:37 -------- d-----w- c:\documents and settings\david higginbotham\application data\Malwarebytes
2012-05-16 03:39:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-16 03:39:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 03:15:10 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc4CF.tmp
2012-05-14 23:28:45 -------- d-----w- c:\documents and settings\all users\application data\PurePlay
2012-05-14 16:13:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 16:13:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 15:29:40 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Adobe
2012-05-14 10:47:23 -------- d-----w- c:\windows\ServicePackFiles
2012-05-14 03:24:40 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-14 03:24:40 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-14 03:21:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-14 03:17:31 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-05-14 02:53:58 -------- d-----w- c:\program files\Launch Manager
2012-05-09 19:10:21 -------- d-----w- c:\program files\Dell
2012-05-05 06:23:12 -------- d-----w- c:\windows\pss
2012-05-04 16:05:56 -------- d-----w- c:\program files\Conduit
2012-05-04 16:05:54 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Conduit_Apps
2012-05-04 16:05:52 -------- d-----w- c:\documents and settings\david higginbotham\local settings\application data\Conduit
2012-05-02 17:21:51 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc10.tmp
.
==================== Find3M ====================
.
2012-05-20 13:01:57 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-20 15:03:59 2942 ----a-w- c:\windows\CLEANUP.CMD
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k(2)(2).sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 17:55:57.95 ===============



"Observed knowledge is lost if it isn't shared!"

#4 Blind Faith


Posted 01 June 2012 - 04:36 AM

Hi there,





Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.






Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#5 phulltillt


Posted 01 June 2012 - 05:28 AM

:busy: Here's the COMBOFIX.log...

ComboFix 12-06-01.01 - David Higginbotham 06/01/2012 3:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.566 [GMT -7:00]
Running from: c:\documents and settings\David Higginbotham\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Windows Live Messenger .lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-05-30 14:54 . 2012-05-30 14:54 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Template
2012-05-28 15:39 . 2012-05-20 12:55 84752 ----a-w- c:\windows\system32\drivers\tmeext.sys
2012-05-28 15:39 . 2012-05-20 12:55 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-28 03:52 . 2012-05-28 03:52 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Windows Live Writer
2012-05-28 03:52 . 2012-05-28 03:52 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Windows Live Writer
2012-05-26 00:26 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-26 00:26 . 2008-04-14 12:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-26 00:26 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-26 00:26 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-25 06:55 . 2012-05-25 06:55 -------- d-----w- c:\program files\PurePlay
2012-05-24 04:35 . 2012-05-24 04:35 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:32 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-22 11:11 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 21:28 . 2012-05-21 21:28 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Sun
2012-05-21 02:20 . 2012-05-21 02:20 -------- d-----w- c:\program files\Common Files\Java
2012-05-21 02:18 . 2012-05-21 02:18 -------- d-----w- c:\program files\Oracle
2012-05-21 02:18 . 2012-05-21 02:18 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Oracle
2012-05-21 02:18 . 2012-04-05 01:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-21 02:18 . 2012-04-05 01:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-21 02:18 . 2012-04-05 01:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-21 02:17 . 2012-05-21 02:17 -------- d-----w- c:\program files\Java
2012-05-20 13:03 . 2012-05-20 12:55 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-20 13:03 . 2012-05-20 12:55 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-20 13:03 . 2012-05-20 12:55 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-20 13:03 . 2012-05-20 12:55 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-19 10:09 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-19 10:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-19 10:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-19 10:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-19 10:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-19 10:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-19 10:08 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-19 10:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-19 10:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-19 10:08 . 2012-05-19 10:09 -------- d-----w- C:\4203e670695b65b7867d89
2012-05-19 10:01 . 2012-05-19 10:01 -------- d-----w- C:\98c51fe54d96a39d6b
2012-05-19 10:00 . 2012-05-19 10:01 -------- d-----w- C:\86dd3b853a00526e1e3fe4163712b4
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-17 23:11 . 2012-05-17 23:48 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\searchcom_001
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\program files\searchcom_001
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\searchcom_001
2012-05-17 23:11 . 2012-06-01 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\program files\Yontoo
2012-05-17 23:10 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-16 23:03 . 2012-05-16 23:03 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 03:40 . 2012-05-16 03:40 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Malwarebytes
2012-05-16 03:39 . 2012-05-16 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-16 03:39 . 2012-05-22 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 03:15 . 2012-05-15 03:15 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc4CF.tmp
2012-05-14 23:28 . 2012-05-14 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PurePlay
2012-05-14 16:13 . 2012-05-14 16:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 16:13 . 2012-05-14 16:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 15:29 . 2012-06-01 00:14 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Adobe
2012-05-14 14:50 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-14 10:47 . 2012-05-14 10:47 -------- d-----w- c:\windows\ServicePackFiles
2012-05-14 03:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-14 03:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-14 03:21 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-14 03:17 . 2008-04-14 12:00 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-05-14 02:53 . 2012-05-14 02:53 -------- d-----w- c:\program files\Launch Manager
2012-05-09 19:10 . 2012-05-09 19:10 -------- d-----w- c:\program files\Dell
2012-05-04 16:05 . 2012-05-14 02:57 -------- d-----w- c:\program files\Conduit
2012-05-04 16:05 . 2012-05-14 02:57 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Conduit
2012-05-02 17:21 . 2012-05-02 17:21 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc10.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 13:01 . 2012-04-20 17:47 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-20 15:03 . 2009-06-17 17:49 2942 ----a-w- c:\windows\CLEANUP.CMD
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-06-17 17:48 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:12 . 2009-06-17 17:48 1862272 ----a-w- c:\windows\system32\win32k(2)(2).sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
2012-03-01 21:00 85288 ----a-w- c:\program files\searchcom_001\searchcom_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80987362-6216-49bc-98e4-77e6cf71a5d7}"= "c:\program files\searchcom_001\searchcom_001X.dll" [2012-03-01 85288]
.
[HKEY_CLASSES_ROOT\clsid\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\David Higginbotham\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [5/28/2012 8:39 AM 84752]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/20/2012 6:03 AM 68368]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 12:43 AM 345336]
R2 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [5/28/2012 8:39 AM 171280]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/17/2009 10:49 AM 38912]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/20/2012 6:01 AM 200632]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2009 11:25 AM 1684736]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [4/20/2012 8:02 AM 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [4/20/2012 8:02 AM 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [4/20/2012 8:02 AM 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [6/17/2009 11:24 AM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kfddakod
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 16:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-01 03:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-06-01 03:23:10
ComboFix-quarantined-files.txt 2012-06-01 10:23
.
Pre-Run: 113,191,874,560 bytes free
Post-Run: 114,339,827,712 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E966F3D8145AD0C8C2C64B7A50B8D3F9


The computer is still slow and only a restart will speed it up...for a time.

Judie


909090...J


#6 Blind Faith


Posted 02 June 2012 - 06:29 AM

Hi there,



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:


Folder::
c:\documents and settings\all users\application data\blekko toolbars
c:\documents and settings\david higginbotham\application data\searchcom_001
c:\program files\searchcom_001
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80987362-6216-49bc-98e4-77e6cf71a5d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80987362-6216-49bc-98e4-77e6cf71a5d7}"=-

[-HKEY_CLASSES_ROOT\clsid\{80987362-6216-49bc-98e4-77e6cf71a5d7}]





Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.






Elle
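
One way to triage a ComboFix log like the one posted in this thread, as an added example that is not part of the original posts and not ComboFix's own code: it matches each autostart entry under "Reg Loading Points" against the directories listed under "Files Created". The function names, the trimmed log excerpt and the reading of the first timestamp as the creation time are assumptions; a match is a candidate for review, not a verdict.

```python
import re
from datetime import datetime
from ntpath import normcase, normpath

# A few lines trimmed from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
2012-05-22 11:11 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 02:20 . 2012-05-21 02:20 -------- d-----w- c:\program files\Common Files\Java
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\program files\searchcom_001
2012-05-17 23:11 . 2012-06-01 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-05-14 02:53 . 2012-05-14 02:53 -------- d-----w- c:\program files\Launch Manager
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
2012-03-01 21:00 85288 ----a-w- c:\program files\searchcom_001\searchcom_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80987362-6216-49bc-98e4-77e6cf71a5d7}"= "c:\program files\searchcom_001\searchcom_001X.dll" [2012-03-01 85288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [5/28/2012 8:39 AM 84752]
"""

BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
CREATED = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d (?:\d+|-{8}) (\S{8}) (.+)$")
KEY = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]*)"=\s*"([^"]+)"')
FILE_UNDER_KEY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S{8} (.+)$")
SHORT_NAME = re.compile(r"~\d")  # 8.3 alias such as progra~1


def parse_log(log):
    """Return (created_dirs, loading_points) parsed from ComboFix log text."""
    section, key = "", None
    created, points = [], []
    for line in (raw.strip() for raw in log.splitlines()):
        banner = BANNER.match(line)
        if banner:
            section, key = banner.group(1), None
        elif line.startswith(("---", "***")):
            section = ""  # later blocks (catchme, locked keys) are out of scope
        elif section.startswith("Files Created"):
            m = CREATED.match(line)
            if m and m.group(2).startswith("d"):  # keep directories only
                # First timestamp on the line, assumed to be the creation time.
                when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
                created.append((when, m.group(3)))
        elif section == "Reg Loading Points":
            k, v, f = KEY.match(line), VALUE.match(line), FILE_UNDER_KEY.match(line)
            if k:
                key = k.group(1)
            elif key and v:
                points.append((key, v.group(1), v.group(2)))
            elif key and f:  # BHO form: the file is listed on the line after the key
                points.append((key, "(file)", f.group(1)))
    return created, points


def under(path, directory):
    """Case-insensitive test that a Windows path lies inside a directory."""
    return normcase(normpath(path)).startswith(normcase(normpath(directory)) + "\\")


def correlate(log):
    """Pair autostart entries with recently created directories they load from.

    Returns (hits, unresolved). Entries written with 8.3 short names cannot be
    matched offline, so they are returned separately instead of being dropped.
    """
    created, points = parse_log(log)
    hits, unresolved = [], []
    for key, name, path in points:
        if SHORT_NAME.search(path):
            unresolved.append((key, name, path))
            continue
        for when, directory in created:
            if under(path, directory):
                hits.append((key, name, path, directory, when))
    return hits, unresolved


if __name__ == "__main__":
    hits, unresolved = correlate(SAMPLE_LOG)
    for key, name, path, directory, when in hits:
        print(f"{when:%Y-%m-%d}  {directory}\n    <- {key} :: {name}")
    for key, name, path in unresolved:
        print(f"unresolved short name: {name} -> {path}")
```

On this excerpt the Java updater is matched alongside the searchcom_001 toolbar entries, which is why each match still needs a human decision before anything is put into a removal script.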

#7 phulltillt


Posted 02 June 2012 - 12:31 PM

Good Morning Elle,

In the last four days several of my puter pals have said I am not the only one with these same symptoms and from the head count we all subscribe to Verizon's economy DSL service. I haven't noticed any real improvement and caught a quick flash of a redirector page.

Thanks for all your help :busy:

Judie


909090...J

ADDED...a quick question...are we doing anything that would cause my IE settings to change every day from default level to custom???

ComboFix 12-06-01.01 - David Higginbotham 06/02/2012 9:57.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.622 [GMT -7:00]
Running from: c:\documents and settings\David Higginbotham\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
.
.
2012-06-01 23:19 . 2012-06-01 23:19 -------- d-----w- c:\documents and settings\Judie
2012-05-30 14:54 . 2012-05-30 14:54 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Template
2012-05-28 15:39 . 2012-05-20 12:55 84752 ----a-w- c:\windows\system32\drivers\tmeext.sys
2012-05-28 15:39 . 2012-05-20 12:55 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-28 03:52 . 2012-05-28 03:52 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Windows Live Writer
2012-05-28 03:52 . 2012-05-28 03:52 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Windows Live Writer
2012-05-26 00:26 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-26 00:26 . 2008-04-14 12:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-26 00:26 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-26 00:26 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-25 06:55 . 2012-05-25 06:55 -------- d-----w- c:\program files\PurePlay
2012-05-24 04:35 . 2012-05-24 04:35 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:32 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-22 11:11 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 21:28 . 2012-05-21 21:28 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Sun
2012-05-21 02:20 . 2012-05-21 02:20 -------- d-----w- c:\program files\Common Files\Java
2012-05-21 02:18 . 2012-05-21 02:18 -------- d-----w- c:\program files\Oracle
2012-05-21 02:18 . 2012-05-21 02:18 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Oracle
2012-05-21 02:18 . 2012-04-05 01:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-21 02:18 . 2012-04-05 01:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-21 02:18 . 2012-04-05 01:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-21 02:17 . 2012-05-21 02:17 -------- d-----w- c:\program files\Java
2012-05-20 13:03 . 2012-05-20 12:55 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-20 13:03 . 2012-05-20 12:55 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-20 13:03 . 2012-05-20 12:55 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-20 13:03 . 2012-05-20 12:55 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-19 10:09 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-19 10:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-19 10:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-19 10:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-19 10:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-19 10:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-19 10:08 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-19 10:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-19 10:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-19 10:08 . 2012-05-19 10:09 -------- d-----w- C:\4203e670695b65b7867d89
2012-05-19 10:01 . 2012-05-19 10:01 -------- d-----w- C:\98c51fe54d96a39d6b
2012-05-19 10:00 . 2012-05-19 10:01 -------- d-----w- C:\86dd3b853a00526e1e3fe4163712b4
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-05-17 23:11 . 2012-05-17 23:48 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\searchcom_001
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\program files\searchcom_001
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\searchcom_001
2012-05-17 23:11 . 2012-06-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\program files\Yontoo
2012-05-17 23:10 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-16 23:03 . 2012-05-16 23:03 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 03:40 . 2012-05-16 03:40 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Malwarebytes
2012-05-16 03:39 . 2012-05-16 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-16 03:39 . 2012-05-22 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 03:15 . 2012-05-15 03:15 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc4CF.tmp
2012-05-14 23:28 . 2012-05-14 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PurePlay
2012-05-14 16:13 . 2012-05-14 16:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 16:13 . 2012-05-14 16:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 15:29 . 2012-06-01 00:14 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Adobe
2012-05-14 14:50 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-14 10:47 . 2012-05-14 10:47 -------- d-----w- c:\windows\ServicePackFiles
2012-05-14 03:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-14 03:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-14 03:21 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-14 03:17 . 2008-04-14 12:00 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-05-14 02:53 . 2012-05-14 02:53 -------- d-----w- c:\program files\Launch Manager
2012-05-09 19:10 . 2012-05-09 19:10 -------- d-----w- c:\program files\Dell
2012-05-04 16:05 . 2012-05-14 02:57 -------- d-----w- c:\program files\Conduit
2012-05-04 16:05 . 2012-05-14 02:57 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 13:01 . 2012-04-20 17:47 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-20 15:03 . 2009-06-17 17:49 2942 ----a-w- c:\windows\CLEANUP.CMD
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-06-17 17:48 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:12 . 2009-06-17 17:48 1862272 ----a-w- c:\windows\system32\win32k(2)(2).sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_10.17.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-02 00:32 . 2012-06-02 00:32 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2012-06-02 00:32 . 2012-06-02 00:32 16384 c:\windows\Temp\Perflib_Perfdata_1b8.dat
+ 2009-06-17 17:48 . 2012-06-02 04:45 588238 c:\windows\system32\perfh009.dat
- 2009-06-17 17:48 . 2012-06-01 00:38 588238 c:\windows\system32\perfh009.dat
+ 2009-06-17 17:48 . 2012-06-02 04:45 118186 c:\windows\system32\perfc009.dat
- 2009-06-17 17:48 . 2012-06-01 00:38 118186 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
2012-03-01 21:00 85288 ----a-w- c:\program files\searchcom_001\searchcom_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80987362-6216-49bc-98e4-77e6cf71a5d7}"= "c:\program files\searchcom_001\searchcom_001X.dll" [2012-03-01 85288]
.
[HKEY_CLASSES_ROOT\clsid\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\David Higginbotham\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [5/28/2012 8:39 AM 84752]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/20/2012 6:03 AM 68368]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 12:43 AM 345336]
R2 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [5/28/2012 8:39 AM 171280]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/17/2009 10:49 AM 38912]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [6/17/2009 11:24 AM 162816]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/20/2012 6:01 AM 200632]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2009 11:25 AM 1684736]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [4/20/2012 8:02 AM 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [4/20/2012 8:02 AM 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [4/20/2012 8:02 AM 103680]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 16:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-02 10:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\WININET.dll
c:\program files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEHook.dll
c:\windows\system32\ieframe.dll
c:\program files\Trend Micro\Titanium\plugin\TmvExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
c:\program files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-06-02 10:09:20
ComboFix-quarantined-files.txt 2012-06-02 17:09
ComboFix2.txt 2012-06-01 10:23
.
Pre-Run: 113,992,404,992 bytes free
Post-Run: 114,097,258,496 bytes free
.
- - End Of File - - C39CFECF9EC159D8C7A976762BEFE270

Edited by phulltillt, 02 June 2012 - 12:55 PM.

"Observed knowledge is lost if it isn't shared!"

#8 Blind Faith

  • Malware Response Team

Posted 04 June 2012 - 11:12 AM

Hi there,




You haven't created the CFScript.txt file and therefore nothing could be fixed. You need to drag the created CFScript.txt over Combofix.exe as instructed above. Please follow the instructions above as they are given. :)



ADDED...a quick question...are we doing anything that would cause my IE settings to change every day from default level to custom???

ComboFix might actually reset some settings so it may cause such changes. :) We will see after we're done with it.





Elle

#9 phulltillt

  • Topic Starter

Posted 05 June 2012 - 04:05 AM

Hi Elle,

I was replying and had typed about 12 lines when suddenly this window refreshed? itself and cleared this window. I'll try again using notepad.

I thought I had done exactly as you instructed but I left while it was scanning so this time I stayed and watched what was going on. As it was running the first thing was...


A purple box with the heading "Microsoft Visual C++ Runtime Library" that contained

Runtime Error!

Program:C::\ProgramFiles\Yahoo\Messenger\YahooMessenger.exe

R6025
=pure virtual function call


I ignored it and minutes later the "Yahoo has encountered an error and needs to close" report to box appeared and I ignored it as well. I am certain I closed all messengers before I started your instructions.

Your instructions stated I would find the log file to post in the "C:\Combofix" folder however I checked and the folder was empty. I copied the file it generated and it follows.

added: I have no idea where these "Norton" files came from.



Again thanks for your help,

Judie :busy:



ComboFix 12-06-04.03 - David Higginbotham 06/05/2012 1:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.676 [GMT -7:00]
Running from: c:\documents and settings\David Higginbotham\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Higginbotham\Desktop\CFScript.txt
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\all users\application data\blekko toolbars
c:\documents and settings\all users\application data\blekko toolbars\toolbar.txt
c:\documents and settings\All Users\Start Menu\Windows Live Messenger .lnk
c:\documents and settings\david higginbotham\application data\searchcom_001
c:\documents and settings\david higginbotham\application data\searchcom_001\dtx.ini
c:\documents and settings\david higginbotham\application data\searchcom_001\geodata.xml
c:\documents and settings\david higginbotham\application data\searchcom_001\geoip.xml
c:\documents and settings\david higginbotham\application data\searchcom_001\guid.dat
c:\documents and settings\david higginbotham\application data\searchcom_001\log.txt
c:\documents and settings\david higginbotham\application data\searchcom_001\preferences.dat
c:\documents and settings\david higginbotham\application data\searchcom_001\stats.dat
c:\documents and settings\david higginbotham\application data\searchcom_001\uninstallIE.dat
c:\documents and settings\david higginbotham\application data\searchcom_001\weather\b6851ed81e1ec92c0333ab1d7c7a8261
c:\documents and settings\david higginbotham\application data\searchcom_001\weather\d493cf3528f64366b0f7571729c05499
c:\documents and settings\david higginbotham\application data\searchcom_001\weather\forecasts_cache.xml
c:\documents and settings\david higginbotham\application data\searchcom_001\weather\observations_cache.xml
c:\documents and settings\david higginbotham\application data\searchcom_001\weatherbutton_prefs.xml
c:\documents and settings\david higginbotham\application data\searchcom_001\widgets_cache\2e9e737918522502191ba1e5c2911c4e
c:\documents and settings\david higginbotham\application data\searchcom_001\widgets_cache\2ec930b950f265ff889d17199fda9ea5
c:\documents and settings\david higginbotham\application data\searchcom_001\widgets_cache\category_cache.xml
c:\documents and settings\david higginbotham\application data\searchcom_001\widgets_cache\widget_cache.xml
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\catalog.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531080148-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531080148-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531081340-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531081340-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531081905-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531081905-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531084403-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531084403-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531084930-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531084930-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531091416-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531091416-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531094429-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531094429-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531101515-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531101515-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531102039-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531102039-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531104611-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531104611-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531111634-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531111634-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531112156-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531112156-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531121806-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531121806-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531124029-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531124029-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531124859-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531124859-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531135002-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531135002-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531135524-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531135524-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531142014-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531142014-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531145617-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531145617-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531162208-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531162208-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531162729-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531162729-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531172354-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531172354-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531172838-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531172838-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531182058-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531182058-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531182512-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531182512-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531183038-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531183038-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531190138-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531190138-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531192611-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531192611-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531200329-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531200329-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531202316-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531202316-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531212450-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531212450-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531215529-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531215529-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531222625-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531222625-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531232801-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120531232801-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601002934-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601002934-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601013039-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601013039-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601020126-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601020126-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601030257-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601030257-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601040428-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601040428-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601042024-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601042024-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601043524-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601043524-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601044047-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601044047-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601050608-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601050608-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601053701-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601053701-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601060741-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601060741-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601064040-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601064040-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601070913-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601070913-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601080111-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601080111-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601081044-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601081044-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601082018-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601082018-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601091209-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601091209-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601094300-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601094300-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601101338-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601101338-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601111512-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601111512-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601121640-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601121640-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601131809-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601131809-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601134901-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601134901-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601141944-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120601141944-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604191524-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604191524-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604191636-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604191636-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604194739-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604194739-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604201810-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604201810-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604211823-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604211823-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120604221851-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605022123-f.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605042356-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605042356-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605044000-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605044000-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605045449-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605045449-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605055519-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605055519-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605062533-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605062533-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605072725-l.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\120605072725-m.list
c:\documents and settings\david higginbotham\local settings\application data\searchcom_001\data\temp.zip
c:\program files\searchcom_001
c:\program files\searchcom_001\chrome\content\lib\about.xml
c:\program files\searchcom_001\chrome\content\lib\dtxpanel.xul
c:\program files\searchcom_001\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\searchcom_001\chrome\content\lib\dtxpanelwin.xul
c:\program files\searchcom_001\chrome\content\lib\dtxprefwin.xul
c:\program files\searchcom_001\chrome\content\lib\dtxtransparentwin.xul
c:\program files\searchcom_001\chrome\content\lib\dtxwin.xul
c:\program files\searchcom_001\chrome\content\lib\emailnotifierproviders.xml
c:\program files\searchcom_001\chrome\content\lib\external.js
c:\program files\searchcom_001\chrome\content\lib\neterror.xhtml
c:\program files\searchcom_001\chrome\content\lib\rsspreview.html
c:\program files\searchcom_001\chrome\content\lib\rsswin.xml
c:\program files\searchcom_001\chrome\content\lib\rsswin.xsl
c:\program files\searchcom_001\chrome\content\lib\vmncode.js
c:\program files\searchcom_001\chrome\content\lib\wmpstreamer.html
c:\program files\searchcom_001\chrome\content\modules\datastore.jsm
c:\program files\searchcom_001\chrome\content\modules\nsDragAndDrop.js
c:\program files\searchcom_001\chrome\content\neterror.xhtml
c:\program files\searchcom_001\chrome\content\newtab\images\btn_search.gif
c:\program files\searchcom_001\chrome\content\newtab\images\bullet.gif
c:\program files\searchcom_001\chrome\content\newtab\images\field_bg.gif
c:\program files\searchcom_001\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files\searchcom_001\chrome\content\newtab\newtab.html
c:\program files\searchcom_001\chrome\content\newtab\newtab_mystart.html
c:\program files\searchcom_001\chrome\content\newtab\newtab_yahoo.html
c:\program files\searchcom_001\chrome\content\preferences.xml
c:\program files\searchcom_001\chrome\content\searchdomain.xml
c:\program files\searchcom_001\chrome\content\sourceid.xml
c:\program files\searchcom_001\chrome\content\template.xml
c:\program files\searchcom_001\chrome\content\toolbar.htm
c:\program files\searchcom_001\chrome\content\toolbar.xul
c:\program files\searchcom_001\chrome\content\vmncode.js
c:\program files\searchcom_001\chrome\content\vmnrsswin.xml
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right-resize.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\.cvsignore
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files\searchcom_001\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files\searchcom_001\install.ico
c:\program files\searchcom_001\manifest.xml
c:\program files\searchcom_001\search.ico
c:\program files\searchcom_001\searchcom_001.dll
c:\program files\searchcom_001\searchcom_001X.dll
c:\program files\searchcom_001\toolbar.xml
c:\program files\searchcom_001\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-01 23:19 . 2012-06-01 23:19 -------- d-----w- c:\documents and settings\Judie
2012-05-30 14:54 . 2012-05-30 14:54 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Template
2012-05-28 15:39 . 2012-05-20 12:55 84752 ----a-w- c:\windows\system32\drivers\tmeext.sys
2012-05-28 15:39 . 2012-05-20 12:55 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-05-28 03:52 . 2012-05-28 03:52 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Windows Live Writer
2012-05-28 03:52 . 2012-05-28 03:52 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Windows Live Writer
2012-05-26 00:26 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-26 00:26 . 2008-04-14 12:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-26 00:26 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-05-26 00:26 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-25 06:55 . 2012-05-25 06:55 -------- d-----w- c:\program files\PurePlay
2012-05-24 04:35 . 2012-05-24 04:35 -------- d-----w- c:\program files\Microsoft
2012-05-23 16:32 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-05-22 11:11 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 21:28 . 2012-05-21 21:28 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Sun
2012-05-21 02:20 . 2012-05-21 02:20 -------- d-----w- c:\program files\Common Files\Java
2012-05-21 02:18 . 2012-05-21 02:18 -------- d-----w- c:\program files\Oracle
2012-05-21 02:18 . 2012-05-21 02:18 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Oracle
2012-05-21 02:18 . 2012-04-05 01:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-21 02:18 . 2012-04-05 01:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-21 02:18 . 2012-04-05 01:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-21 02:17 . 2012-05-21 02:17 -------- d-----w- c:\program files\Java
2012-05-20 13:03 . 2012-05-20 12:55 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-05-20 13:03 . 2012-05-20 12:55 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-05-20 13:03 . 2012-05-20 12:55 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-05-20 13:03 . 2012-05-20 12:55 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-19 10:09 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-19 10:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-19 10:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-19 10:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-19 10:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-19 10:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-19 10:08 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-19 10:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-19 10:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-19 10:08 . 2012-05-19 10:09 -------- d-----w- C:\4203e670695b65b7867d89
2012-05-19 10:01 . 2012-05-19 10:01 -------- d-----w- C:\98c51fe54d96a39d6b
2012-05-19 10:00 . 2012-05-19 10:01 -------- d-----w- C:\86dd3b853a00526e1e3fe4163712b4
2012-05-17 23:11 . 2012-06-04 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-05-17 23:11 . 2012-05-17 23:11 -------- d-----w- c:\program files\Yontoo
2012-05-17 23:10 . 2012-05-17 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-05-16 23:03 . 2012-05-16 23:03 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-16 03:40 . 2012-05-16 03:40 -------- d-----w- c:\documents and settings\David Higginbotham\Application Data\Malwarebytes
2012-05-16 03:39 . 2012-05-16 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-16 03:39 . 2012-05-22 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 03:15 . 2012-05-15 03:15 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc4CF.tmp
2012-05-14 23:28 . 2012-05-14 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PurePlay
2012-05-14 16:13 . 2012-05-14 16:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 16:13 . 2012-05-14 16:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 15:29 . 2012-06-01 00:14 -------- d-----w- c:\documents and settings\David Higginbotham\Local Settings\Application Data\Adobe
2012-05-14 14:50 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-14 10:47 . 2012-05-14 10:47 -------- d-----w- c:\windows\ServicePackFiles
2012-05-14 03:24 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-14 03:24 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-14 03:21 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-05-14 03:17 . 2008-04-14 12:00 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-05-14 02:53 . 2012-05-14 02:53 -------- d-----w- c:\program files\Launch Manager
2012-05-09 19:10 . 2012-05-09 19:10 -------- d-----w- c:\program files\Dell
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 13:01 . 2012-04-20 17:47 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-20 15:03 . 2009-06-17 17:49 2942 ----a-w- c:\windows\CLEANUP.CMD
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-06-17 17:48 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:12 . 2009-06-17 17:48 1862272 ----a-w- c:\windows\system32\win32k(2)(2).sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-01_10.17.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-04 03:35 . 2012-06-04 03:35 16384 c:\windows\Temp\Perflib_Perfdata_7dc.dat
+ 2012-06-04 03:35 . 2012-06-04 03:35 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
+ 2009-06-17 17:48 . 2012-06-04 03:43 588238 c:\windows\system32\perfh009.dat
- 2009-06-17 17:48 . 2012-06-01 00:38 588238 c:\windows\system32\perfh009.dat
+ 2009-06-17 17:48 . 2012-06-04 03:43 118186 c:\windows\system32\perfc009.dat
- 2009-06-17 17:48 . 2012-06-01 00:38 118186 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\David Higginbotham\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [5/28/2012 8:39 AM 84752]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/20/2012 6:03 AM 68368]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 12:43 AM 345336]
R2 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [5/28/2012 8:39 AM 171280]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/17/2009 10:49 AM 38912]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/20/2012 6:01 AM 200632]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/17/2009 11:25 AM 1684736]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [4/20/2012 8:02 AM 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [4/20/2012 8:02 AM 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [4/20/2012 8:02 AM 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [6/17/2009 11:24 AM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 16:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-searchcom_001 - c:\program files\searchcom_001\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 01:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-06-05 01:15:26
ComboFix-quarantined-files.txt 2012-06-05 08:15
ComboFix2.txt 2012-06-02 17:09
ComboFix3.txt 2012-06-01 10:23
.
Pre-Run: 113,932,718,080 bytes free
Post-Run: 114,033,045,504 bytes free
.
- - End Of File - - 727F9519CCD26A81508224B8C12225E6






Edited by phulltillt, 05 June 2012 - 04:11 AM.

"Observed knowledge is lost if it isn't shared!"

#10 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:54 AM

Posted 06 June 2012 - 11:53 AM

Can you please tell us how your system is working?





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#11 phulltillt


Posted 06 June 2012 - 05:18 PM

:busy: Hi Elle.

This computer seems to be running a tad faster without that feeling of imminent crash.

When accessing the Internet directly from the start menu, I continue to get the error "Internet Explorer cannot display the webpage" with the "Diagnose connection problems" button. Each time I find there is no reason as the DSL connection is active on my other systems.

The settings in random programs continue to change by themselves and in Internet Explorer they change daily from default to Custom. Right now on this page only half the "emoticons" are displayed and the others are displaying the Java little red X in several different ways. I am noticing this is happening more often and due to our work "fix"ing I have done nothing to attempt to correct it.

Your thoughts??? Once more, Thank You for your help!

Judie


909090...J


#12 Blind Faith


Posted 08 June 2012 - 07:05 AM

Hi there :)


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized




Elle

#13 phulltillt


Posted 08 June 2012 - 01:59 PM

Good Morning :busy:

Here ya go!!!


OTL logfile created on: 6/8/2012 11:47:26 AM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\David Higginbotham\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 453.91 Mb Available Physical Memory | 44.77% Memory free
2.39 Gb Paging File | 1.70 Gb Available in Paging File | 71.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 105.82 Gb Free Space | 76.11% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-53AB983 | User Name: David Higginbotham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/08 11:46:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Higginbotham\Desktop\OTL.exe
PRC - [2012/06/07 21:44:57 | 054,476,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\David Higginbotham\Local Settings\temp\AdbeRdr1013_en_US.exe
PRC - [2012/05/20 05:55:38 | 000,233,592 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
PRC - [2012/05/20 05:55:38 | 000,159,432 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/04/04 04:17:36 | 000,342,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
PRC - [2012/02/27 06:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/11/10 00:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2008/07/03 15:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/20 05:55:41 | 000,081,152 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEHook.dll
MOD - [2012/05/20 05:55:09 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/05/20 05:55:09 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/11 04:05:16 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/10 00:43:44 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\DAVIDH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/05/20 05:55:14 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/05/20 05:55:14 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012/05/20 05:55:14 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/05/20 05:55:14 | 000,084,752 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmeext.sys -- (tmeext)
DRV - [2012/05/20 05:55:14 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/05/20 05:55:14 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/06/21 21:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/06 18:15:38 | 001,759,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/03/01 22:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/24 01:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/02 23:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/11/10 00:37:34 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbnetGAD.sys -- (qcusbnetGAD)
DRV - [2008/11/10 00:37:34 | 000,103,680 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbserGAD.sys -- (qcusbserGAD)
DRV - [2008/11/10 00:37:34 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcfilterGAD.sys -- (QCFilterGAD)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/11/02 06:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=20120517025A421697B901325F709D94&q={searchTerms}
IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS480
IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/05/20 06:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/05/20 06:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/05/20 06:02:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/06/05 01:12:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22A9790C-3E9F-4C31-8E97-FB7766F4D9F9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David Higginbotham\My Documents\My Pictures\list.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Higginbotham\My Documents\My Pictures\list.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/17 10:07:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 11:46:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David Higginbotham\Desktop\OTL.exe
[2012/06/07 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/06/06 15:16:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/06/05 17:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\My Documents\PAMA MANAGMENT
[2012/06/05 16:01:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/05 15:56:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/06/05 00:58:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/01 02:57:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/01 02:53:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/01 02:53:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/01 02:53:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/01 02:53:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/01 02:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/06/01 02:52:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/01 02:52:18 | 004,537,193 | R--- | C] (Swearware) -- C:\Documents and Settings\David Higginbotham\Desktop\ComboFix.exe
[2012/05/30 17:50:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\David Higginbotham\Desktop\dds.scr
[2012/05/30 07:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Application Data\Template
[2012/05/28 08:39:23 | 000,084,752 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmeext.sys
[2012/05/28 08:39:20 | 000,171,280 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmnciesc.sys
[2012/05/27 20:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Local Settings\Application Data\Windows Live Writer
[2012/05/27 20:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Application Data\Windows Live Writer
[2012/05/27 20:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\My Documents\My Weblog Posts
[2012/05/27 18:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Desktop\gmer
[2012/05/27 17:21:46 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\David Higginbotham\My Documents\My Stationery
[2012/05/25 17:26:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012/05/25 17:26:13 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012/05/25 17:26:12 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2012/05/24 23:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\PurePlay
[2012/05/24 16:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\My Documents\for D I A N A
[2012/05/23 21:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/05/23 21:08:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/05/23 21:08:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/05/23 21:08:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/05/23 21:08:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/05/23 21:08:46 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012/05/23 21:08:45 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012/05/23 21:08:45 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012/05/23 21:08:45 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012/05/23 21:08:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012/05/23 21:08:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe
[2012/05/23 21:08:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012/05/23 21:08:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012/05/23 21:08:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe
[2012/05/23 21:08:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012/05/23 21:08:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012/05/23 21:08:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll
[2012/05/23 21:08:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012/05/23 21:08:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll
[2012/05/23 21:08:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012/05/23 21:08:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll
[2012/05/23 21:08:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012/05/23 21:08:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll
[2012/05/23 21:08:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012/05/23 20:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\My Documents\Downloads
[2012/05/22 04:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/22 04:11:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/21 14:44:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Higginbotham\My Documents\My Videos
[2012/05/21 14:44:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/05/21 14:44:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Higginbotham\Start Menu\Programs\Administrative Tools
[2012/05/21 14:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Local Settings\Application Data\Sun
[2012/05/20 19:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/05/20 19:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/20 19:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/20 19:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Application Data\Oracle
[2012/05/20 19:18:28 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/05/20 19:18:28 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/20 19:18:28 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/05/20 19:18:28 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/20 19:18:05 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/20 19:18:05 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/20 19:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/20 19:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Application Data\Sun
[2012/05/20 06:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Start Menu\Programs\Trend Micro Titanium Maximum Security 2012
[2012/05/20 06:03:21 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2012/05/20 06:03:17 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/05/20 06:03:17 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/05/20 06:03:17 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/05/19 03:08:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/05/19 03:08:39 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/05/19 03:08:39 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/05/19 03:08:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/05/19 03:08:38 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/05/19 03:08:38 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/05/19 03:08:35 | 000,000,000 | ---D | C] -- C:\4203e670695b65b7867d89
[2012/05/19 03:01:10 | 000,000,000 | ---D | C] -- C:\98c51fe54d96a39d6b
[2012/05/19 03:00:36 | 000,000,000 | ---D | C] -- C:\86dd3b853a00526e1e3fe4163712b4
[2012/05/17 16:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\My Documents\XP DOOT DISKS
[2012/05/17 16:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2012/05/17 16:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/05/17 16:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/05/15 20:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Application Data\Malwarebytes
[2012/05/15 20:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/05/15 20:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/14 16:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PurePlay
[2012/05/14 10:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Application Data\WinRAR
[2012/05/14 09:13:46 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/14 09:13:46 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/14 09:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/05/14 08:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Higginbotham\Local Settings\Application Data\Adobe
[2012/05/14 03:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/05/13 20:17:31 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012/05/13 19:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2012/05/09 12:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/08 11:46:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Higginbotham\Desktop\OTL.exe
[2012/06/08 11:22:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/06 15:15:26 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\Install ieSpell.lnk
[2012/06/05 16:08:52 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/06/05 01:12:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/05 00:57:53 | 004,537,193 | R--- | M] (Swearware) -- C:\Documents and Settings\David Higginbotham\Desktop\ComboFix.exe
[2012/06/04 18:36:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/04 18:09:40 | 000,008,608 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\My Documents\C A L L ATT data miwi.rtf
[2012/06/03 20:43:24 | 000,588,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/03 20:43:24 | 000,118,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/03 20:35:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/01 02:57:32 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/30 18:04:16 | 000,003,780 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\attach2.zip
[2012/05/30 17:51:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\David Higginbotham\Desktop\dds.scr
[2012/05/30 08:57:05 | 000,008,608 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\My Documents\data miwi.rtf
[2012/05/28 15:14:44 | 000,021,959 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\My Documents\tecra_8100 tech sheet.pdf
[2012/05/28 14:47:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Application Data\wklnhst.dat
[2012/05/27 18:25:09 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\gmer.zip
[2012/05/27 18:20:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\sz012ouw.exe
[2012/05/24 23:55:06 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[2012/05/23 21:12:16 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/23 21:07:51 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/05/23 20:57:10 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\Resume Windows Live Messenger download.lnk
[2012/05/23 09:32:35 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/23 09:32:34 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\Windows Media Player.lnk
[2012/05/22 04:11:53 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 14:08:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\defogger_reenable
[2012/05/21 13:26:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/20 19:17:34 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/05/20 19:17:33 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/05/20 06:04:47 | 000,000,934 | R--- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/05/20 06:01:57 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2012/05/20 05:55:14 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/05/20 05:55:14 | 000,171,280 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmnciesc.sys
[2012/05/20 05:55:14 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys
[2012/05/20 05:55:14 | 000,084,752 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmeext.sys
[2012/05/20 05:55:14 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2012/05/20 05:55:14 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2012/05/19 08:04:49 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/18 04:26:04 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\My Documents\Files named blekko containing text blekko.fnd
[2012/05/17 16:10:15 | 000,249,826 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\My Documents\free_disk_wipe.zip
[2012/05/14 14:51:56 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\Mah Jong Medley.lnk
[2012/05/14 11:15:48 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Desktop\GameHouse Solitaire Challenge.lnk
[2012/05/14 09:27:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/14 09:27:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/14 09:13:00 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/14 09:13:00 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/05/14 03:36:47 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Works.lnk
[2012/05/14 00:33:10 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gateway Games.lnk
[2012/05/13 23:49:52 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\David Higginbotham\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/06 15:15:26 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\Install ieSpell.lnk
[2012/06/05 16:08:52 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/06/04 18:09:39 | 000,008,608 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\My Documents\C A L L ATT data miwi.rtf
[2012/06/01 02:57:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/01 02:57:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/01 02:53:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/01 02:53:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/01 02:53:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/01 02:53:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/01 02:53:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/30 18:04:16 | 000,003,780 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\attach2.zip
[2012/05/30 08:57:05 | 000,008,608 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\My Documents\data miwi.rtf
[2012/05/28 15:14:44 | 000,021,959 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\My Documents\tecra_8100 tech sheet.pdf
[2012/05/28 14:47:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Application Data\wklnhst.dat
[2012/05/27 18:25:02 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\gmer.zip
[2012/05/27 18:20:21 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\sz012ouw.exe
[2012/05/24 23:55:06 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PurePlay Poker.lnk
[2012/05/24 23:55:06 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PurePlay Poker.lnk
[2012/05/23 21:08:49 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2012/05/23 21:08:49 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2012/05/23 21:08:49 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2012/05/23 21:08:49 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2012/05/23 21:08:48 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2012/05/23 21:08:48 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2012/05/23 21:08:48 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2012/05/23 21:08:48 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2012/05/23 21:08:48 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2012/05/23 21:08:47 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2012/05/23 21:08:47 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2012/05/23 21:08:47 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2012/05/23 21:08:47 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2012/05/23 21:08:47 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2012/05/23 21:08:46 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2012/05/23 21:08:46 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2012/05/23 21:08:46 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2012/05/23 20:57:10 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\Resume Windows Live Messenger download.lnk
[2012/05/23 09:32:35 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/22 04:11:53 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 14:08:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\defogger_reenable
[2012/05/20 06:04:28 | 000,000,934 | R--- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/05/18 04:26:04 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\My Documents\Files named blekko containing text blekko.fnd
[2012/05/17 16:10:32 | 000,249,826 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\My Documents\free_disk_wipe.zip
[2012/05/14 14:51:56 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\Mah Jong Medley.lnk
[2012/05/14 11:15:48 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Desktop\GameHouse Solitaire Challenge.lnk
[2012/05/14 09:13:00 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/14 09:13:00 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2012/05/14 00:33:10 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gateway Games.lnk
[2012/05/13 23:49:52 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\David Higginbotham\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/13 20:24:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/13 20:24:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/27 22:26:56 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/04/20 10:47:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\SupportTool.exe.bat
[2012/04/20 08:01:54 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2012/04/20 08:01:54 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2012/04/20 08:01:54 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2012/04/20 08:01:54 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2012/04/20 08:01:50 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll


< End of report >



++++++++++++++++++++++++++++++++++++++++++


OTL Extras logfile created on: 6/8/2012 11:47:26 AM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\David Higginbotham\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.87 Mb Total Physical Memory | 453.91 Mb Available Physical Memory | 44.77% Memory free
2.39 Gb Paging File | 1.70 Gb Available in Paging File | 71.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 105.82 Gb Free Space | 76.11% Space Free | Partition Type: NTFS

Computer Name: GATEWAY-53AB983 | User Name: David Higginbotham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{29FE5C24-85FB-4A25-B23A-2B4E18D5BD5D}" = Qualcomm Gobi Images
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75208262-E5D6-47C3-AD69-79DC6ADE77BF}" = VZAccess Manager
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B38A008F-21AA-4478-AE9C-D53976959F6E}" = Qualcomm Gobi Driver Package
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"amg-gamehousesolitairechallenge" = GameHouse Solitaire Challenge
"am-mahjongmedley" = Mah Jong Medley
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Gateway Screensaver" = Gateway ScreenSaver
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WildTangent gateway Master Uninstall" = Gateway Games
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2012 4:16:17 AM | Computer Name = GATEWAY-53AB983 | Source = Application Error | ID = 1001
Description = Fault bucket -1406120665.

Error - 6/5/2012 5:51:52 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/5/2012 5:52:07 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/5/2012 6:08:49 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2012 5:21:42 PM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2012 5:21:50 PM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/8/2012 12:35:31 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2012 12:35:48 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/8/2012 6:47:58 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2012 6:48:07 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ Application Events ]
Error - 6/5/2012 4:16:17 AM | Computer Name = GATEWAY-53AB983 | Source = Application Error | ID = 1001
Description = Fault bucket -1406120665.

Error - 6/5/2012 5:51:52 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/5/2012 5:52:07 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/5/2012 6:08:49 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2012 5:21:42 PM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2012 5:21:50 PM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/8/2012 12:35:31 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2012 12:35:48 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/8/2012 6:47:58 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/8/2012 6:48:07 AM | Computer Name = GATEWAY-53AB983 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 6/1/2012 8:35:22 AM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 6/1/2012 8:35:23 AM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 6/1/2012 6:00:58 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 6/1/2012 6:00:59 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 6/1/2012 7:10:40 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 6/1/2012 7:10:40 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 6/1/2012 8:32:57 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 6/1/2012 8:32:58 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 6/3/2012 11:35:30 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 6/3/2012 11:35:31 PM | Computer Name = GATEWAY-53AB983 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX


< End of report >



"Observed knowledge is lost if it isn't shared!"

#14 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:03:54 AM

Posted 09 June 2012 - 08:49 AM

Hi there,





We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    IE - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=20120517025A421697B901325F709D94&q={searchTerms}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-1161744426-4065617495-2210005112-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    :Commands
    [EMPTYTEMP]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


How is your system working now?


Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#15 phulltillt

phulltillt
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Location:Southern California, USA
  • Local time:05:54 PM

Posted 10 June 2012 - 02:28 AM

Hi Elle,

:busy: Still having "Internet Explorer Not Responding" and "Internet Explorer can't display the web page" problems, but overall it seems to be running stronger.

Here's the scan...

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1161744426-4065617495-2210005112-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David Higginbotham
->Temp folder emptied: 123373709 bytes
->Temporary Internet Files folder emptied: 49956724 bytes
->Flash cache emptied: 8776313 bytes

User: Default User
->Temp folder emptied: 13509035 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: Judie
->Temp folder emptied: 13515203 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 396 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1006893 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 201.00 mb


OTL by OldTimer - Version 3.2.47.0 log created on 06102012_000631


Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\David Higginbotham\Local Settings\Temp\Temporary Internet Files\Content.IE5\SFOQ9GU7\QJcP4eqyoa5.ZPEKNRhsXhH2L9mWn9M2bVxRY.Sl6CMTDjbH1lDHMVQappZtaJSy_40Vfc4j2PyHiS7o4H9t.6PqdDJRsu5yxCOdWJckc0pQClqRVNFkteG6vPDHcgXYXWNidZJR1anC9s8[1].jpg not found!
File\Folder C:\Documents and Settings\David Higginbotham\Local Settings\Temp\Temporary Internet Files\Content.IE5\SFOQ9GU7\uoN09SGyoa6tS23o4xyZjZAFx8ffB6CTx3g6nBnlJKiXOcdLqJwPicDBq2zkgoNCJTKEv4SfQm3_j4nDINXivCSiJY7lTVA712qL8Z7cR_Nwj7Pt7rkRuVxrYf9_i1vGn1lRrp5NWrwb_DnIClQ-[1].jpg not found!
File\Folder C:\Documents and Settings\David Higginbotham\Local Settings\Temp\Temporary Internet Files\Content.IE5\OXISZKPI\core.config_core.io_core.json_core.legacy_core.log_core.prefs_core.util_globals_l10n-en-US_opensocial-data_rpc_shindig.auth_yahoo.credits_yahoo.internal.urlrewrite_yahoo.l10n[1] not found!
File\Folder C:\Documents and Settings\David Higginbotham\Local Settings\Temp\Temporary Internet Files\Content.IE5\8ETNVO1I\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!
File\Folder C:\Documents and Settings\David Higginbotham\Local Settings\Temp\Temporary Internet Files\Content.IE5\8ETNVO1I\HKGwG0yyoa5NQdnmivCFHNJm8bfDOw3txYzlN14AvGK86HwpZawCtrsPRVPIPoUtCREpe5qpMSH0aql3zfmFrjwXG2s3xCBdxZ5tssPi73ICfLyhkcktnkMDDTYuQBErdcoCbrKMQjjbr0PXCd6f3g--[1].jpg not found!
C:\Documents and Settings\David Higginbotham\Local Settings\Temp\REG3D1.tmp moved successfully.
C:\Documents and Settings\David Higginbotham\Local Settings\Temp\REG3D2.tmp moved successfully.
C:\Documents and Settings\David Higginbotham\Local Settings\Temporary Internet Files\Content.IE5\5ZVJ98IT\topic455078[1].html moved successfully.
C:\Documents and Settings\David Higginbotham\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_230.dat moved successfully.


Registry entries deleted on Reboot...


Thanks for your help!

Judie


909090...J



"Observed knowledge is lost if it isn't shared!"



