Solved: AdWare.Win32.Zwangi.v


SCAREFACE5
29-Jun-2012, 03:16 PM #1
Avast found this during a complete scan and put it in chest: AdWare.Win32.Zwangi.v
This is my first post in your forum and would appreciate your help. Symptoms are slow computer, random freeze, pop-ups, strange behavior.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) X2 Dual-Core QL-64, x64 Family 17 Model 3 Stepping 1
Processor Count: 2
RAM: 2813 Mb
Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
Hard Drives: C: Total - 228472 MB, Free - 109687 MB;
Motherboard: Acer, JV50PU
Antivirus: avast! Antivirus, Updated and Enabled

As requested in your instructions, here are my logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:03:29 PM, on 6/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\PLFSetI.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Dwm.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=2&barid=...0-001F16AAA148}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Image on TinEye - file://C:\Users\Phil\Documents\TinEye 1.0\TinEye.js
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://elklake.viewnetcam.com:50000/SysCamInst.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...PUplden-ca.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca66305065ca40) (gupdate1ca66305065ca40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12255 bytes

DDS.TXT

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Phil at 14:23:48 on 2012-06-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1584 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sympatico.ca/defaultf.aspx
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
mURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\phil\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Search Image on TinEye - file://c:\users\phil\documents\tineye 1.0\TinEye.js
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\sdhelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://elklake.viewnetcam.com:50000/SysCamInst.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{14D842BA-F967-4AB2-8F57-6CA2466D98EA} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{40BB3828-1431-4235-9BEA-51467DE7403D} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-23 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-4 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-4 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-4 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 44768]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-8 653856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-10-9 2358656]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-8-8 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca66305065ca40;Google Update Service (gupdate1ca66305065ca40);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-2 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-1-3 20328]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-8 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 133104]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-29 17:27:22 -------- d-----w- c:\users\phil\appdata\local\{E881403B-32D7-4069-B8F4-562E9C23ED74}
2012-06-29 17:27:19 -------- d-----w- c:\users\phil\appdata\local\{BD6D1C2C-1A9E-4FD6-AB1D-2858D136C4A6}
2012-06-29 15:45:06 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{55f3d795-0aac-42a9-a429-74da165954c0}\mpengine.dll
2012-06-28 19:39:36 -------- d-----w- c:\users\phil\appdata\local\{CC1DCA66-39DF-41E2-89B5-E3C77C467661}
2012-06-28 19:39:31 -------- d-----w- c:\users\phil\appdata\local\{F6DB95A5-009F-4DA9-BC5D-038000B14EBE}
2012-06-28 15:05:58 -------- d-----w- c:\users\phil\appdata\local\{3EFD9FBA-3B4A-44EA-8ACD-6D415DD0D27B}
2012-06-27 14:17:20 -------- d-----w- c:\users\phil\appdata\local\{B566A19E-DF32-4C4F-8379-503875FE69B7}
2012-06-27 14:17:17 -------- d-----w- c:\users\phil\appdata\local\{41561D94-D9A4-4588-8329-E045D76461E8}
2012-06-27 13:47:23 -------- d-----w- c:\program files\Oracle
2012-06-27 13:46:34 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-26 15:52:15 -------- d-----w- c:\users\phil\appdata\roaming\Canneverbe Limited
2012-06-26 15:52:15 -------- d-----w- c:\programdata\Canneverbe Limited
2012-06-26 02:11:35 -------- d-----w- c:\users\phil\appdata\local\{35EE7985-A110-4400-95C5-918F22B89384}
2012-06-26 02:11:33 -------- d-----w- c:\users\phil\appdata\local\{38F214B4-2A1F-4BD5-9351-B1C071217EAA}
2012-06-26 01:47:02 -------- d-----w- c:\users\phil\appdata\local\{F412997C-9967-404F-9E69-5E8D056B9144}
2012-06-25 17:33:01 -------- d-----w- c:\programdata\blekko toolbars
2012-06-25 17:32:57 -------- d-----w- c:\program files\Yontoo
2012-06-25 17:32:54 -------- d-----w- c:\program files\blekkotb_031
2012-06-25 17:32:51 -------- d-----w- c:\programdata\Tarma Installer
2012-06-25 17:32:50 -------- d-----w- c:\users\phil\appdata\local\blekkotb_031
2012-06-25 17:32:46 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-21 13:44:19 -------- d-----w- c:\users\phil\appdata\local\{69B6C912-A0C6-4F03-AE9F-90ADA5A06222}
2012-06-21 13:44:17 -------- d-----w- c:\users\phil\appdata\local\{2B574878-8717-4953-A324-EAA07A7B7380}
2012-06-19 15:48:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 15:47:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 15:47:40 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 15:47:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 20:14:49 -------- d-----w- c:\users\phil\appdata\local\{C83A0BEE-02C5-4665-A9E2-8AC1D7E3BFB9}
2012-06-18 20:14:45 -------- d-----w- c:\users\phil\appdata\local\{C0537E5C-8EF2-4EED-8E83-070BB5490768}
2012-06-14 01:27:54 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:27:54 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:27:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:27:36 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:27:34 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 01:24:06 -------- d-----w- c:\users\phil\appdata\local\{25AFBE34-46A7-424B-B6F8-AFB54B4F49CD}
2012-06-14 01:23:51 -------- d-----w- c:\users\phil\appdata\local\{979788EC-9B80-480C-93A0-347355E0F200}
2012-06-13 00:20:48 -------- d-----w- c:\users\phil\appdata\local\{0F7BC9D3-C3DC-4B3E-B7EB-5DBDC2A46EAE}
2012-06-13 00:20:45 -------- d-----w- c:\users\phil\appdata\local\{0D5B6DD9-918A-4CA5-B7AE-D87DD8E35917}
2012-06-11 21:26:49 -------- d-----w- c:\users\phil\appdata\local\{1E5D2B47-C581-43F7-A62B-37724F5CF772}
2012-06-11 21:26:44 -------- d-----w- c:\users\phil\appdata\local\{37E90820-F2DB-4279-A0FD-3E5C405BEC1B}
2012-06-11 11:07:59 -------- d-----w- c:\users\phil\appdata\local\{2EA1DCC9-A4F5-475C-A1CE-BE8C3BA19BEC}
2012-06-11 11:07:52 -------- d-----w- c:\users\phil\appdata\local\{6834FFBF-9007-445D-8C3A-2C266548D1E5}
2012-06-10 20:22:46 -------- d-----w- c:\users\phil\appdata\local\{2FC1EA94-F4D4-419F-9959-730DCC1D5FC3}
2012-06-10 20:22:43 -------- d-----w- c:\users\phil\appdata\local\{A1DA3AE3-ECF3-4CC3-9972-BEA273D5BB0C}
2012-06-10 00:08:07 -------- d-----w- c:\users\phil\appdata\local\{394C5B99-3E31-46AA-82B2-B4F62C0FB92B}
2012-06-10 00:07:59 -------- d-----w- c:\users\phil\appdata\local\{BA1E22E3-CD72-4BFD-BE17-3E650B79EC1F}
2012-06-08 14:35:38 -------- d-----w- c:\users\phil\appdata\local\{0ED82A53-A434-4268-B8BF-75F8060A6CDB}
2012-06-08 14:35:35 -------- d-----w- c:\users\phil\appdata\local\{0A99AF5A-A6C5-42E7-9A40-5D61E524FE63}
2012-06-07 16:37:49 -------- d-----w- c:\users\phil\appdata\local\{BED26DE1-3A2F-4DB6-892E-1995A4D2D91D}
2012-06-07 16:37:47 -------- d-----w- c:\users\phil\appdata\local\{640C698A-AC10-4CA3-AA1B-B1F0A847AB3A}
2012-06-06 22:00:23 -------- d-----w- c:\users\phil\appdata\local\{37DEAF08-F2BD-41C0-A630-03AF1A1006E8}
2012-06-06 22:00:22 -------- d-----w- c:\users\phil\appdata\local\{3A86F3F0-FD71-4F41-A38C-A6A64E1770F6}
2012-06-04 15:08:57 -------- d-----w- c:\users\phil\appdata\local\{B9C94088-259F-45DA-B99B-0F3C40F027BC}
2012-06-04 15:08:55 -------- d-----w- c:\users\phil\appdata\local\{5C3BF608-08F8-4C57-B724-52611D470167}
2012-06-03 17:13:33 -------- d-----w- c:\users\phil\appdata\local\{BD6068D4-80C5-4E40-B6AE-8F254887C636}
2012-06-03 17:13:31 -------- d-----w- c:\users\phil\appdata\local\{9326B342-E66B-4B32-A771-E9660715C409}
2012-06-02 13:26:19 -------- d-----w- c:\users\phil\appdata\local\{E429902F-8BAD-421D-99E8-ACFEB4B98123}
2012-06-02 13:26:16 -------- d-----w- c:\users\phil\appdata\local\{78B73113-A0E3-4572-BDA7-01B35B8DDCDC}
2012-06-01 19:48:31 -------- d-----w- c:\users\phil\appdata\local\{C76FA1A4-314A-4D02-BABC-574817969919}
2012-06-01 19:48:28 -------- d-----w- c:\users\phil\appdata\local\{0BA1AB8E-85D4-463B-968D-888D645208F5}
2012-05-31 16:08:12 -------- d-----w- c:\users\phil\appdata\local\{C0610ABA-2E20-4B22-B2DD-3B4D635B548B}
2012-05-31 16:08:09 -------- d-----w- c:\users\phil\appdata\local\{9817B92D-86F7-4226-AF9C-D7C4494F5860}
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-05 20:57:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 20:57:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 14:26:01.47 ===============

dds.att

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/8/2009 2:22:46 AM
System Uptime: 6/29/2012 11:32:48 AM (3 hours ago)
.
Motherboard: Acer | | JV50PU
Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 107.126 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP799: 6/19/2012 11:47:09 AM - Windows Update
RP800: 6/19/2012 12:01:35 PM - Windows Update
RP801: 6/21/2012 4:31:39 PM - Scheduled Checkpoint
RP802: 6/22/2012 12:11:10 PM - Scheduled Checkpoint
RP803: 6/24/2012 9:39:47 AM - Scheduled Checkpoint
RP804: 6/25/2012 3:35:25 PM - Scheduled Checkpoint
RP805: 6/26/2012 9:31:48 AM - Windows Update
RP806: 6/27/2012 9:44:52 AM - Installed Java(TM) 7 Update 5
RP807: 6/27/2012 9:46:45 AM - Installed JavaFX 2.1.1
RP808: 6/27/2012 9:57:58 AM - Removed QuickTime
RP809: 6/28/2012 3:23:01 PM - Scheduled Checkpoint
RP810: 6/29/2012 11:43:47 AM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.74.216
Acer ePower Management
Acer eRecovery Management
Acer GridVista
Acer Registration
Acer ScreenSaver
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 9.5.1
AMD USB Audio Driver Filter
Anti-phishing Domain Advisor
ATI Catalyst Install Manager
Auslogics Disk Defrag
avast! Free Antivirus
Backup Manager Basic
blekko search bar
Broadcom Gigabit NetLink Controller
Canon ScanGear Toolbox 3.1
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDBurnerXP
Chinese Simplified Fonts Support For Adobe Reader 9
Compatibility Pack for the 2007 Office system
Conduit Engine
D3DX10
Elf 1.13 Toolbar
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.70
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
honestech VHS to DVD 5.0 Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inkscape 0.46
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Launch Manager
Luxor Deluxe
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
PC Wizard 2010.1.96
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan Manager 5.2
Scribus 1.3.3.13
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Skype Click to Call
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.2
Synaptics Pointing Device Driver
TeamViewer 6
TinEye Internet Explorer plugin 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB2.0 VIDBOX NW03
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol 2009
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
Yontoo 1.10.02
Zylom Games Player Plugin
.
==== Event Viewer Messages From Past Week ========
.
6/29/2012 11:34:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/29/2012 11:34:03 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/29/2012 1:49:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/26/2012 9:14:03 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0017C499B723. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/22/2012 9:08:28 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
.
==== End Of File ===========================

GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-29 14:38:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005e WDC_WD25 rev.11.0
Running: ezqscncu.exe; Driver: C:\Users\Phil\AppData\Local\Temp\kgldapod.sys

---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9087ED92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
kevinf80 (Kevin)
Malware Removal Specialist with 9,458 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
29-Jun-2012, 04:03 PM #2
Run the following and post the logs please:

Download OTL from any of the following links and save to your desktop.

Link 1
Link 2
Link 3

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
  • Please check the box next to "LOP check" and "Purity check"
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin..
SCAREFACE5
Member with 14 posts.
THREAD STARTER
Join Date: Jun 2012
Experience: Beginner
29-Jun-2012, 05:14 PM #3
kevinf80, thanks for your prompt response. Here are the logs.

OTL logfile created on: 6/29/2012 4:38:33 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Phil\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.44% Memory free
5.72 Gb Paging File | 4.19 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 107.11 Gb Free Space | 48.01% Space Free | Partition Type: NTFS

Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 16:37:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Downloads\OTL.com
PRC - [2012/06/28 19:31:18 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012/06/20 19:23:58 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/05 16:57:06 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/05/03 14:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/25 13:33:05 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/08/08 14:48:21 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/02/18 23:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/06 12:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/29 11:34:25 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/29 11:34:23 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/06/15 17:02:11 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 08:29:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:29:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/11 09:37:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 09:36:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 09:36:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/11 09:17:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 09:14:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 09:14:47 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/02 13:13:26 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/02 13:13:26 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/09/14 18:36:08 | 000,506,711 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/08/08 14:48:21 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/08/08 02:22:30 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3364.37101__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:30 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:30 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3364.37083__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:30 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:30 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3364.37160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:30 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3364.37091__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:30 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3364.37141__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3364.37092__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:29 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3364.37130__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3364.37092__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3364.37104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3364.37155__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:29 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3364.37180__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3364.37139__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:29 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3364.37147__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:29 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3364.37178__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3364.37107__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3364.37138__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:28 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/08/08 02:22:28 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3364.37108__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/08/08 02:22:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/08/08 02:22:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/08/08 02:22:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/08/08 02:22:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/08/08 02:22:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/08/08 02:22:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/08/08 02:22:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/08/08 02:22:27 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3364.37207__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/08/08 02:22:27 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3364.37174__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/08/08 02:22:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3364.37172__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/08/08 02:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3364.37188__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/08/08 02:22:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/08/08 02:22:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/08/08 02:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/08/08 02:22:27 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/08/08 02:22:27 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/08/08 02:22:27 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3364.37078__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/08/08 02:22:26 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3364.37087__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/08/08 02:22:26 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3364.37168__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/08/08 02:22:26 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/08/08 02:22:26 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3364.37080__90ba9c70 f846762e\CLI.Component.Runtime.dll
MOD - [2009/08/08 02:22:26 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3364.37081__90ba9c70f846762e\ATID EMOS.dll
MOD - [2009/08/08 02:22:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3364.37080__90ba9c70f846762e\AP M.Server.dll
MOD - [2009/08/08 02:22:26 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3364.37082__90ba 9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/08/08 02:22:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309. 28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/08/08 02:22:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3364.37079__90ba9c70f846762e\AE M.Server.dll
MOD - [2009/08/08 02:22:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c7 0f846762e\CLI.Foundation.Private.dll
MOD - [2009/08/08 02:22:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.2 8621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/08/08 02:22:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dl l
MOD - [2009/08/08 02:22:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3364.37173__90ba9c70f84 6762e\CCC.Implementation.dll
MOD - [2009/08/08 02:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.2 8627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/08/08 02:22:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.330 9.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/08/08 02:22:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0. 3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/03/18 23:16:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/01/26 14:56:58 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2003/06/07 17:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 16:57:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/02/06 12:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/01/16 14:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Phil\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Phil\AppData\Local\Temp\kgldapod.sys -- (kgldapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 20:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2009/09/30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/19 00:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/20 22:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/01/16 14:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/03 13:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/09/04 00:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/05/28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/06/22 18:59:24 | 000,479,232 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/02/06 17:38:02 | 000,028,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourcei...g}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...&m=aspire_5536
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {54656EAD-A161-4E79-AA8F-7EEFF0BD6AA0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLET...c=IE-SearchBox
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd...q={searchTerms}
IE - HKCU\..\SearchScopes\{54656EAD-A161-4E79-AA8F-7EEFF0BD6AA0}: "URL" = http://www.google.ca/search?q={searc...W_enCA339CA340
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourcei...g}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348dd...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/11 11:59:29 | 000,441,503 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15177 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\sdhelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Search Image on TinEye - file://C:\Users\Phil\Documents\TinEye 1.0\TinEye.js File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\sdhelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://elklake.viewnetcam.com:50000/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...PUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D842BA-F967-4AB2-8F57-6CA2466D98EA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40BB3828-1431-4235-9BEA-51467DE7403D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Phil\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Phil\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9695b8c8-8685-11de-8058-001f16aaa148}\Shell - "" = AutoRun
O33 - MountPoints2\{9695b8c8-8685-11de-8058-001f16aaa148}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{E881403B-32D7-4069-B8F4-562E9C23ED74}
[2012/06/29 13:27:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BD6D1C2C-1A9E-4FD6-AB1D-2858D136C4A6}
[2012/06/28 15:39:36 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{CC1DCA66-39DF-41E2-89B5-E3C77C467661}
[2012/06/28 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{F6DB95A5-009F-4DA9-BC5D-038000B14EBE}
[2012/06/28 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{3EFD9FBA-3B4A-44EA-8ACD-6D415DD0D27B}
[2012/06/27 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{B566A19E-DF32-4C4F-8379-503875FE69B7}
[2012/06/27 10:17:17 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{41561D94-D9A4-4588-8329-E045D76461E8}
[2012/06/27 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/27 09:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/27 09:46:34 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/27 09:46:34 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/27 09:45:54 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/27 09:45:54 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/26 11:52:15 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Canneverbe Limited
[2012/06/26 11:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/06/26 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012/06/25 22:11:35 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{35EE7985-A110-4400-95C5-918F22B89384}
[2012/06/25 22:11:33 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{38F214B4-2A1F-4BD5-9351-B1C071217EAA}
[2012/06/25 21:47:02 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{F412997C-9967-404F-9E69-5E8D056B9144}
[2012/06/25 13:49:14 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\dvdcss
[2012/06/25 13:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/06/25 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/06/25 13:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_031
[2012/06/25 13:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/25 13:32:50 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\blekkotb_031
[2012/06/25 13:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/06/21 09:44:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{69B6C912-A0C6-4F03-AE9F-90ADA5A06222}
[2012/06/21 09:44:17 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{2B574878-8717-4953-A324-EAA07A7B7380}
[2012/06/19 11:48:41 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 11:48:41 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 11:47:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 11:47:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 11:47:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 11:47:40 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 11:47:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/18 16:14:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C83A0BEE-02C5-4665-A9E2-8AC1D7E3BFB9}
[2012/06/18 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C0537E5C-8EF2-4EED-8E83-070BB5490768}
[2012/06/13 21:58:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 21:58:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 21:58:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 21:58:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 21:58:05 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 21:58:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 21:58:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 21:27:34 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 21:24:06 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{25AFBE34-46A7-424B-B6F8-AFB54B4F49CD}
[2012/06/13 21:23:51 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{979788EC-9B80-480C-93A0-347355E0F200}
[2012/06/12 20:20:48 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0F7BC9D3-C3DC-4B3E-B7EB-5DBDC2A46EAE}
[2012/06/12 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0D5B6DD9-918A-4CA5-B7AE-D87DD8E35917}
[2012/06/12 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/11 17:26:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{1E5D2B47-C581-43F7-A62B-37724F5CF772}
[2012/06/11 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{37E90820-F2DB-4279-A0FD-3E5C405BEC1B}
[2012/06/11 07:07:59 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{2EA1DCC9-A4F5-475C-A1CE-BE8C3BA19BEC}
[2012/06/11 07:07:52 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{6834FFBF-9007-445D-8C3A-2C266548D1E5}
[2012/06/10 16:22:46 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{2FC1EA94-F4D4-419F-9959-730DCC1D5FC3}
[2012/06/10 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{A1DA3AE3-ECF3-4CC3-9972-BEA273D5BB0C}
[2012/06/09 20:08:07 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{394C5B99-3E31-46AA-82B2-B4F62C0FB92B}
[2012/06/09 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BA1E22E3-CD72-4BFD-BE17-3E650B79EC1F}
[2012/06/08 10:35:38 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0ED82A53-A434-4268-B8BF-75F8060A6CDB}
[2012/06/08 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0A99AF5A-A6C5-42E7-9A40-5D61E524FE63}
[2012/06/07 12:37:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BED26DE1-3A2F-4DB6-892E-1995A4D2D91D}
[2012/06/07 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{640C698A-AC10-4CA3-AA1B-B1F0A847AB3A}
[2012/06/06 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{37DEAF08-F2BD-41C0-A630-03AF1A1006E8}
[2012/06/06 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{3A86F3F0-FD71-4F41-A38C-A6A64E1770F6}
[2012/06/04 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{B9C94088-259F-45DA-B99B-0F3C40F027BC}
[2012/06/04 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{5C3BF608-08F8-4C57-B724-52611D470167}
[2012/06/03 13:13:33 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BD6068D4-80C5-4E40-B6AE-8F254887C636}
[2012/06/03 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{9326B342-E66B-4B32-A771-E9660715C409}
[2012/06/02 09:26:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{E429902F-8BAD-421D-99E8-ACFEB4B98123}
[2012/06/02 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{78B73113-A0E3-4572-BDA7-01B35B8DDCDC}
[2012/06/01 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C76FA1A4-314A-4D02-BABC-574817969919}
[2012/06/01 15:48:28 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0BA1AB8E-85D4-463B-968D-888D645208F5}
[2012/05/31 12:08:12 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C0610ABA-2E20-4B22-B2DD-3B4D635B548B}
[2012/05/31 12:08:09 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{9817B92D-86F7-4226-AF9C-D7C4494F5860}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 16:37:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 16:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
[2012/06/29 16:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 15:36:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 15:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 15:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 14:00:45 | 000,002,521 | ---- | M] () -- C:\Users\Phil\Desktop\HiJackThis.lnk
[2012/06/29 11:33:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 11:33:09 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 22:48:57 | 000,157,696 | ---- | M] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/28 17:18:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
[2012/06/27 09:45:35 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/27 09:45:35 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/26 12:28:38 | 000,001,723 | ---- | M] () -- C:\Users\Phil\Documents\Mes souvenirs (GRAVURE EXTRA).dxp
[2012/06/26 11:52:00 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/06/25 16:34:55 | 3567,321,088 | ---- | M] () -- C:\Users\Phil\Documents\VHS to DVD.iso
[2012/06/21 09:02:42 | 000,001,356 | ---- | M] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
[2012/06/14 08:24:20 | 000,294,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 22:07:11 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/13 22:07:11 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 07:28:40 | 000,001,383 | ---- | M] () -- C:\Users\Phil\Desktop\Google Chrome - Shortcut.lnk
[2012/06/11 16:05:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 22:40:27 | 000,025,552 | ---- | M] () -- C:\Users\Phil\Documents\cc_20120610_224019.reg
[2012/06/06 17:35:21 | 000,000,218 | ---- | M] () -- C:\Users\Phil\.recently-used.xbel
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/01 16:15:54 | 000,002,643 | ---- | M] () -- C:\Users\Phil\Documents\Base du mur de brique a reparer(1).lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 12:28:37 | 000,001,723 | ---- | C] () -- C:\Users\Phil\Documents\Mes souvenirs (GRAVURE EXTRA).dxp
[2012/06/26 11:52:00 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/06/26 11:52:00 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/06/25 16:31:49 | 3567,321,088 | ---- | C] () -- C:\Users\Phil\Documents\VHS to DVD.iso
[2012/06/13 07:28:40 | 000,001,383 | ---- | C] () -- C:\Users\Phil\Desktop\Google Chrome - Shortcut.lnk
[2012/06/12 20:07:42 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
[2012/06/12 20:07:41 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
[2012/06/10 22:40:22 | 000,025,552 | ---- | C] () -- C:\Users\Phil\Documents\cc_20120610_224019.reg
[2012/06/06 17:35:21 | 000,000,218 | ---- | C] () -- C:\Users\Phil\.recently-used.xbel
[2012/06/01 16:22:57 | 000,002,643 | ---- | C] () -- C:\Users\Phil\Documents\Base du mur de brique a reparer(1).lnk
[2012/02/11 12:33:21 | 000,000,109 | ---- | C] () -- C:\Windows\wininit.ini
[2011/10/20 10:36:06 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{365354EA-B50B-4FBC-B8DA-741C69AD9959}
[2011/10/20 10:34:07 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{07CDB7FF-0FA0-4CA5-830D-0A2233F6A134}
[2011/10/19 09:45:30 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{AFA8D902-5D60-44CD-8148-1F31A80D35A1}
[2011/10/19 09:43:30 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{53417C61-8AE2-4874-9F5F-A034279B8067}
[2011/03/10 17:34:19 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/11 15:15:03 | 000,008,575 | ---- | C] () -- C:\Windows\System32\D125UFW.INI

========== LOP Check ==========

[2010/03/02 12:15:50 | 000,000,000 | -HSD | M] -- C:\Users\Phil\AppData\Roaming\.#
[2009/08/08 15:07:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Acer
[2009/03/10 19:11:17 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Acer GameZone Console
[2011/01/29 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Auslogics
[2012/01/20 15:28:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Babylon
[2012/06/26 11:52:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Canneverbe Limited
[2012/06/28 16:27:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Canon
[2011/12/29 12:19:08 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/17 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\eSobi
[2009/12/25 00:02:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GARMIN
[2012/06/06 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\gtk-2.0
[2009/11/12 12:03:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Inkscape
[2011/03/14 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\iWin
[2009/08/19 21:01:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PlayFirst
[2010/02/21 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SoftDMA
[2011/01/11 14:53:12 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TeamViewer
[2009/12/27 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\vghd
[2010/10/27 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Windows Live Writer
[2009/10/12 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\WinPatrol
[2009/11/21 18:29:50 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Zylom
[2012/06/28 22:59:39 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TempCAF903C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73
< End of report >

Extras.txt

OTL Extras logfile created on: 6/29/2012 4:38:33 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Phil\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.44% Memory free
5.72 Gb Paging File | 4.19 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 107.11 Gb Free Space | 48.01% Space Free | Partition Type: NTFS

Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3FF2E6DE-DCF5-49C4-B5C7-B889FC7B3184}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7E14CEDC-3630-4628-A0E7-A1FDBF1E7187}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9F79B550-88EB-4B06-B8F9-54949A47D12E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9BD4C74-881A-4E84-8D01-E00E64838BB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{147DB11A-C89B-4177-B961-E82EDADC60EB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1EF24757-9A3B-4EEE-B6E1-ECF19CAF0AA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{33DF161A-B6B7-4BD5-9623-4463E9A4FF12}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{521715EA-F444-45B4-BC7F-5C573B2254E7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59F2996D-918C-4F50-90BE-73F25CEC9A3B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5AB1E77D-BF2A-4BD3-A28F-86EC236BBAA8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5C6AFF0F-8709-47FB-8D1A-C532F1D8F327}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{83F61862-263A-48AA-B222-AF051374B8F9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{A5AB86D5-46A8-440B-B80A-64998C1264E5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{B6966198-6324-4B7D-9377-545DDA34F3F0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{CD58066D-1BB8-4CB1-9ADB-679315F6B029}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9AC64B3-DE72-497A-9BD3-37148530301F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{2C801EDD-FAAD-4318-B199-E5BB76EAC64A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EFBA8E87-C7A4-4DDE-80D5-EBE0BD7D7C22}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{082EF4D3-37D3-2ABE-8108-95B605157DBC}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F727AEE-3992-AAD9-E8A7-560BF4F92999}" = CCC Help Chinese Standard
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{31AC282F-3EF7-B239-9BBA-DB606B248F2A}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33FA7D12-4740-D665-D17C-F5F25EA6EEA6}" = CCC Help Portuguese
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3F5677C0-9871-0BEF-12DD-9E157C1ABA2E}" = CCC Help Dutch
"{44FF002B-5AB3-4447-8F98-614387B63EE6}" = honestech VHS to DVD 5.0 Deluxe
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AEAC717-86F8-DE21-3933-8E4377797AEF}" = CCC Help Japanese
"{52BF91FE-7B2F-E26C-7A78-42C056B4461C}" = ccc-utility
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BF3F950-BDAF-C801-0BE4-6319CB412F9D}" = Catalyst Control Center InstallProxy
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC61CFC-1CAA-7650-2755-721FFD78F8D4}" = CCC Help Swedish
"{61C770D4-6F09-52EA-5C84-FF58F324B62B}" = CCC Help Czech
"{63617A9B-A0EE-319B-2478-16CCDA8C945C}" = Catalyst Control Center Graphics Light
"{65EBA8F2-A7A0-E1A8-0986-BADCE1694362}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}" = ATI Catalyst Install Manager
"{6D9D1582-2E8C-491B-C337-63B6810A4426}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77411C79-3B2E-342F-D803-AB964746CE1D}" = CCC Help Italian
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A745642-3020-E403-B67A-C19BF008687A}" = CCC Help Turkish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877D85BD-71AA-4BC0-5314-03B8D15F95A9}" = Catalyst Control Center Graphics Full Existing
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B542C2E-D2AC-4460-B9F2-BA5A907A544F}" = honestech VHS to DVD 5.0 Deluxe
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9B8ACEA2-BA21-4A91-A950-144FED3ED133}" = TinEye Internet Explorer plugin 1.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5AC5F3C-9C4B-136A-5A21-5ADFF12B9657}" = ccc-core-static
"{A6F8719C-479C-4656-BFF7-393584B2034A}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D73C82-714E-1E99-2A85-43E649F51F18}" = Catalyst Control Center Graphics Full New
"{B7C690A8-80D8-D09B-B35F-1201AA6B6FDE}" = CCC Help French
"{B8BE463A-E21C-8E7E-399D-CC9724283682}" = CCC Help Polish
"{B9587DFD-225C-1B2B-4FA1-E27768140EFC}" = CCC Help Russian
"{BB50C649-9BB5-BF21-E8C1-0CFFE263C866}" = CCC Help Chinese Traditional
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CBD9E015-4A3C-A3DF-6FCF-C636251DF0C8}" = CCC Help Greek
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0F0DEFD-538E-8B1C-A2B7-12FB5135BA21}" = CCC Help Danish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6E5E642-5975-C402-5EDC-181E0AAD10ED}" = CCC Help Korean
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E12E7096-E796-BB35-02BD-C7720978E481}" = CCC Help English
"{E48A7361-D746-8706-5221-F49A207A6DD8}" = CCC Help Thai
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECF195B6-D7F0-B206-7A04-9F83284E9412}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE3455C6-26CE-71F7-FC1B-7405C83451B7}" = CCC Help Norwegian
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"avast" = avast! Free Antivirus
"blekkotb_031" = blekko search bar
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GridVista" = Acer GridVista
"Inkscape" = Inkscape 0.46
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Luxor Deluxe" = Luxor Deluxe

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/12/2009 2:54:34 PM | Computer Name = Phil-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/26/2011 10:06:05 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/27/2011 9:55:03 AM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/27/2011 9:56:03 AM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/28/2011 11:52:20 AM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2011 10:43:41 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/29/2011 9:35:07 AM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/29/2011 10:58:54 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/29/2011 10:58:54 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 5/29/2011 11:00:47 PM | Computer Name = Phil-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/30/2011 1:02:22 PM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/28/2012 1:23:11 PM | Computer Name = Phil-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 6/28/2012 5:04:57 PM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/28/2012 5:57:45 PM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/28/2012 5:58:15 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2012 7:31:20 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2012 9:30:52 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/28/2012 10:49:12 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/29/2012 11:34:03 AM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/29/2012 11:34:36 AM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/29/2012 1:49:41 PM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
kevinf80 (Kevin)
29-Jun-2012, 06:06 PM #4
Thanks for the logs, run the following please :-

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
SCAREFACE5
29-Jun-2012, 07:38 PM #5
Combofix log

ComboFix 12-06-28.03 - Phil 06/29/2012 19:20:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1464 [GMT -4:00]
Running from: c:\users\Phil\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Phil\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 23:29 . 2012-06-29 23:29 -------- d-----w- c:\users\Phil\AppData\Local\temp
2012-06-29 23:29 . 2012-06-29 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 15:45 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55F3D795-0AAC-42A9-A429-74DA165954C0}\mpengine.dll
2012-06-27 13:52 . 2012-06-27 13:52 -------- d-----w- c:\program files\Common Files\Java
2012-06-27 13:47 . 2012-06-27 13:47 -------- d-----w- c:\program files\Oracle
2012-06-27 13:46 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\users\Phil\AppData\Roaming\Canneverbe Limited
2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\programdata\Canneverbe Limited
2012-06-26 15:51 . 2012-06-26 15:52 -------- d-----w- c:\program files\CDBurnerXP
2012-06-25 17:49 . 2012-06-25 17:49 -------- d-----w- c:\users\Phil\AppData\Roaming\dvdcss
2012-06-25 17:33 . 2012-06-25 17:33 -------- d-----w- c:\programdata\blekko toolbars
2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\program files\Yontoo
2012-06-25 17:32 . 2012-06-25 17:33 -------- d-----w- c:\program files\blekkotb_031
2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\programdata\Tarma Installer
2012-06-25 17:32 . 2012-06-25 17:33 -------- d-----w- c:\users\Phil\AppData\Local\blekkotb_031
2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-19 15:48 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 15:48 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 15:48 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 15:48 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 15:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 15:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 15:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 15:47 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:47 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 01:27 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:27 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:27 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:27 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:27 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 20:57 . 2012-05-02 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 20:57 . 2011-05-17 15:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:29 . 2010-06-02 00:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-11-16 20:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-10 18:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 18:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Elf_1.13\prxtbElf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B80F591E-FE9A-46CF-A13E-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-08 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-02 249600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-08 30192]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-08 200704]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2009-02-06 16:07 686624 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KGLDAPOD
*Deregistered* - kgldapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 20:57]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
- c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
- c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sympatico.ca/defaultf.aspx
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search Image on TinEye - file://c:\users\Phil\Documents\TinEye 1.0\TinEye.js
TCP: DhcpNameServer = 192.168.2.1
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://elklake.viewnetcam.com:50000/SysCamInst.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ArcadeDeluxeAgent - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-CLMLServer - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
MSConfigStartUp-PlayMovie - c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 19:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5728)
c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
.
Completion time: 2012-06-29 19:31:48
ComboFix-quarantined-files.txt 2012-06-29 23:31
.
Pre-Run: 114,822,848,512 bytes free
Post-Run: 114,715,648,000 bytes free
.
- - End Of File - - E868E479E3E2576517EF9D7C42C58682
kevinf80 (Kevin)
30-Jun-2012, 05:24 AM #6
Thanks for the log, do the following please:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
Folder::
c:\programdata\blekko toolbars
c:\program files\Yontoo
c:\program files\blekkotb_031
c:\programdata\Tarma Installer
c:\users\Phil\AppData\Local\blekkotb_031
c:\program files\Elf_1.13
c:\program files\ConduitEngine
c:\program files\blekkotb_031
File::
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b80f591e-fe9a-46cf-a13e-180377240586}"=-
[-HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b80f591e-fe9a-46cf-a13e-180377240586}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"=-
[-HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B80F591E-FE9A-46CF-A13E-180377240586}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs...

Kevin
SCAREFACE5
30-Jun-2012, 09:19 AM #7
kevinf80
will post your request as I need help from a friend. asap thanks for your help and patience.
SCAREFACE5
30-Jun-2012, 01:06 PM #8
Kevinf80
I'm having trouble with ComboFix. I download it to Desktop ok.
The script on Notepad to Desktop OK.
When I try to merge, the following message appears:
"THE directory name is invalid". C:\Users\Phil\Desktop\ComboFix.exe
Both combo and script have same paths. Would appreciate your directives.
kevinf80 (Kevin)
30-Jun-2012, 03:14 PM #9
When you copied the script to Notepad, did you save it as CFScript.txt, also file type All Files? If you did that, the location has to be the same, both on the Desktop, but because the names are different it should work when you drag/drop the script into the Cat.... Check the name of the script....
SCAREFACE5
30-Jun-2012, 03:43 PM #10
Finally! A simple reboot did the trick. Here's the log, ESET will be coming up.

ComboFix 12-06-28.03 - Phil 06/30/2012 15:17:38.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1951 [GMT -4:00]
Running from: c:\users\Phil\Desktop\ComboFix.exe
Command switches used :: c:\users\Phil\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\blekkotb_031
c:\program files\blekkotb_031\blekkotb_019.dll
c:\program files\blekkotb_031\blekkotb_019X.dll
c:\program files\blekkotb_031\chrome\content\custom.js
c:\program files\blekkotb_031\chrome\content\lib\about.xml
c:\program files\blekkotb_031\chrome\content\lib\dtxpanel.xul
c:\program files\blekkotb_031\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\blekkotb_031\chrome\content\lib\dtxpanelwin.xul
c:\program files\blekkotb_031\chrome\content\lib\dtxprefwin.xul
c:\program files\blekkotb_031\chrome\content\lib\dtxtransparentwin.xul
c:\program files\blekkotb_031\chrome\content\lib\dtxwin.xul
c:\program files\blekkotb_031\chrome\content\lib\emailnotifierproviders.xml
c:\program files\blekkotb_031\chrome\content\lib\external.js
c:\program files\blekkotb_031\chrome\content\lib\neterror.xhtml
c:\program files\blekkotb_031\chrome\content\lib\rsspreview.html
c:\program files\blekkotb_031\chrome\content\lib\rsswin.xml
c:\program files\blekkotb_031\chrome\content\lib\rsswin.xsl
c:\program files\blekkotb_031\chrome\content\lib\vmncode.js
c:\program files\blekkotb_031\chrome\content\lib\wmpstreamer.html
c:\program files\blekkotb_031\chrome\content\modules\datastore.jsm
c:\program files\blekkotb_031\chrome\content\modules\nsDragAndDrop.js
c:\program files\blekkotb_031\chrome\content\neterror.xhtml
c:\program files\blekkotb_031\chrome\content\newtab\images\btn_search.gif
c:\program files\blekkotb_031\chrome\content\newtab\images\bullet.gif
c:\program files\blekkotb_031\chrome\content\newtab\images\field_bg.gif
c:\program files\blekkotb_031\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files\blekkotb_031\chrome\content\newtab\newtab.html
c:\program files\blekkotb_031\chrome\content\newtab\newtab_mystart.html
c:\program files\blekkotb_031\chrome\content\newtab\newtab_yahoo.html
c:\program files\blekkotb_031\chrome\content\preferences.xml
c:\program files\blekkotb_031\chrome\content\sourceid.xml
c:\program files\blekkotb_031\chrome\content\template.xml
c:\program files\blekkotb_031\chrome\content\toolbar.htm
c:\program files\blekkotb_031\chrome\content\toolbar.xul
c:\program files\blekkotb_031\chrome\content\vmncode.js
c:\program files\blekkotb_031\chrome\content\vmnrsswin.xml
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn...close-over.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win...ght-resize.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.FacebookShortcut\tb_icon.ico
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.FacebookShortcut\tb_icon.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.FacebookShortcut\widget.js
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.FacebookShortcut\widget.xml
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.TwitterShortcut\tb_icon.ico
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.TwitterShortcut\tb_icon.png
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.TwitterShortcut\widget.js
c:\program files\blekkotb_031\chrome\content\widgets\net.vmn.www.TwitterShortcut\widget.xml
c:\program files\blekkotb_031\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files\blekkotb_031\chrome\data\rss\rss.xml
c:\program files\blekkotb_031\chrome\data\search\engines.xml
c:\program files\blekkotb_031\chrome\data\search\search.xsl
c:\program files\blekkotb_031\chrome\data\weather\icons.xml
c:\program files\blekkotb_031\chrome\locale\lib\de.js
c:\program files\blekkotb_031\chrome\locale\lib\en.js
c:\program files\blekkotb_031\chrome\locale\lib\es.js
c:\program files\blekkotb_031\chrome\locale\lib\fr.js
c:\program files\blekkotb_031\chrome\locale\lib\it.js
c:\program files\blekkotb_031\chrome\locale\locale.js
c:\program files\blekkotb_031\chrome\skin\about.gif
c:\program files\blekkotb_031\chrome\skin\about_logo.png
c:\program files\blekkotb_031\chrome\skin\babylon_logo.png
c:\program files\blekkotb_031\chrome\skin\blekko16.png
c:\program files\blekkotb_031\chrome\skin\blogger.png
c:\program files\blekkotb_031\chrome\skin\bluelite.gif
c:\program files\blekkotb_031\chrome\skin\bluesky.gif
c:\program files\blekkotb_031\chrome\skin\btn-search-over.png
c:\program files\blekkotb_031\chrome\skin\btn-search.png
c:\program files\blekkotb_031\chrome\skin\btn-settings-over.png
c:\program files\blekkotb_031\chrome\skin\btn-settings.png
c:\program files\blekkotb_031\chrome\skin\btn-widgets-over.png
c:\program files\blekkotb_031\chrome\skin\btn-widgets.png
c:\program files\blekkotb_031\chrome\skin\btn_settings.png
c:\program files\blekkotb_031\chrome\skin\ca.png
c:\program files\blekkotb_031\chrome\skin\coupons-hover.png
c:\program files\blekkotb_031\chrome\skin\coupons.png
c:\program files\blekkotb_031\chrome\skin\custom.css
c:\program files\blekkotb_031\chrome\skin\dictionary.png
c:\program files\blekkotb_031\chrome\skin\divider.png
c:\program files\blekkotb_031\chrome\skin\downloadcom.png
c:\program files\blekkotb_031\chrome\skin\dtxlogo.png
c:\program files\blekkotb_031\chrome\skin\email.png
c:\program files\blekkotb_031\chrome\skin\email_on.png
c:\program files\blekkotb_031\chrome\skin\facebook-blekko-hover.png
c:\program files\blekkotb_031\chrome\skin\facebook-blekko.png
c:\program files\blekkotb_031\chrome\skin\facebook-hover.png
c:\program files\blekkotb_031\chrome\skin\facebook.png
c:\program files\blekkotb_031\chrome\skin\fb.png
c:\program files\blekkotb_031\chrome\skin\games.png
c:\program files\blekkotb_031\chrome\skin\google.png
c:\program files\blekkotb_031\chrome\skin\graphna.png
c:\program files\blekkotb_031\chrome\skin\graphred0.png
c:\program files\blekkotb_031\chrome\skin\graphred0_5.png
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\Elf_1.13
c:\program files\Elf_1.13\Elf_1.13ToolbarHelper.exe
c:\program files\Elf_1.13\Elf_1.13ToolbarHelper1.exe
c:\program files\Elf_1.13\GottenAppsContextMenu.xml
c:\program files\Elf_1.13\INSTALL.LOG
c:\program files\Elf_1.13\OtherAppsContextMenu.xml
c:\program files\Elf_1.13\prxtbElf0.dll
c:\program files\Elf_1.13\SharedAppsContextMenu.xml
c:\program files\Elf_1.13\tbElf_.dll
c:\program files\Elf_1.13\tbElf0.dll
c:\program files\Elf_1.13\tbElf1.dll
c:\program files\Elf_1.13\toolbar.cfg
c:\program files\Elf_1.13\ToolbarContextMenu.xml
c:\program files\Elf_1.13\uninstall.exe
c:\program files\Elf_1.13\UNWISE.EXE
c:\program files\Yontoo
c:\program files\Yontoo\YontooIEClient.dll
c:\programdata\blekko toolbars
c:\programdata\blekko toolbars\toolbar.txt
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.dat
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe
c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico
c:\users\Phil\AppData\Local\blekkotb_031
c:\users\Phil\AppData\Local\blekkotb_031\catalog.list
c:\users\Phil\AppData\Local\blekkotb_031\data\temp.zip.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 19:29 . 2012-06-30 19:29 -------- d-----w- c:\users\Phil\AppData\Local\blekkotb_031
2012-06-30 19:28 . 2012-06-30 19:29 -------- d-----w- c:\users\Phil\AppData\Local\temp
2012-06-30 19:28 . 2012-06-30 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 15:45 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55F3D795-0AAC-42A9-A429-74DA165954C0}\mpengine.dll
2012-06-27 13:52 . 2012-06-27 13:52 -------- d-----w- c:\program files\Common Files\Java
2012-06-27 13:47 . 2012-06-27 13:47 -------- d-----w- c:\program files\Oracle
2012-06-27 13:46 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\users\Phil\AppData\Roaming\Canneverbe Limited
2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\programdata\Canneverbe Limited
2012-06-26 15:51 . 2012-06-26 15:52 -------- d-----w- c:\program files\CDBurnerXP
2012-06-25 17:49 . 2012-06-25 17:49 -------- d-----w- c:\users\Phil\AppData\Roaming\dvdcss
2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-19 15:48 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 15:48 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 15:48 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 15:48 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 15:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 15:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 15:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 15:47 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:47 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 01:27 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:27 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:27 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:27 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:27 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 20:57 . 2012-05-02 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 20:57 . 2011-05-17 15:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:29 . 2010-06-02 00:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-11-16 20:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-10 18:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 18:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-08 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-02 249600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-08 30192]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-08 200704]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2009-02-06 16:07 686624 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 20:57]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
- c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
- c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sympatico.ca/defaultf.aspx
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search Image on TinEye - file://c:\users\Phil\Documents\TinEye 1.0\TinEye.js
TCP: DhcpNameServer = 192.168.2.1
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://elklake.viewnetcam.com:50000/SysCamInst.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-blekkotb_031 - c:\program files\blekkotb_031\uninstall.exe
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Elf_1.13 Toolbar - c:\program files\Elf_1.13\uninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3148)
c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\Phil\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2012-06-30 15:35:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 19:35
ComboFix2.txt 2012-06-30 15:24
ComboFix3.txt 2012-06-29 23:31
.
Pre-Run: 114,642,599,936 bytes free
Post-Run: 114,583,891,968 bytes free
.
- - End Of File - - 3753187302FA28EFE1EBF4643993242F
kevinf80 (Kevin), Malware Removal Specialist
30-Jun-2012, 04:03 PM #11
Ok, post ESET log when you're ready...
SCAREFACE5 (thread starter)
30-Jun-2012, 05:35 PM #12
Here is the ESET log:

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM41.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM44.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM63.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Phil\Downloads\cnet2_SetupImgBurn_2_5_7_0_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
kevinf80 (Kevin), Malware Removal Specialist
30-Jun-2012, 05:58 PM #13
Please download OTM by OldTimer.

Alternative Mirror 1
Alternative Mirror 2

Save it to your desktop.

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will also disappear; this will be put back on completion.
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    ipconfig /flushdns /c
    c:\users\Phil\AppData\Local\blekkotb_031
    :Commands
    [ClearAllRestorePoints]
    [EmptyTemp]
    [resethosts]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, and tell me how your system is responding, and also if any issues/concerns remain.

Kevin
SCAREFACE5 (thread starter)
30-Jun-2012, 07:29 PM #14
Avast warned of a blocked rootkit as soon as I clicked on the link "Please download OTM by Oldtimer". Here is the warning:
Infection Details
URL: "http://oldtimer.geekstogo.com/OTM.exe"
Process: "C:\Program Files\Internet Explorer\iexp...
Infection: "Win32:Rootkit-gen [Rtk]"
SCAREFACE5 (thread starter)
30-Jun-2012, 07:56 PM #15
Kevin, here is the OTM log:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Phil\Downloads\cmd.bat deleted successfully.
C:\Users\Phil\Downloads\cmd.txt deleted successfully.
c:\users\Phil\AppData\Local\blekkotb_031\data folder moved successfully.
c:\users\Phil\AppData\Local\blekkotb_031 folder moved successfully.
========== COMMANDS ==========

Restore point Set: OTM Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Phil
->Temp folder emptied: 757401 bytes
->Temporary Internet Files folder emptied: 41119237 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7295159 bytes
->Flash cache emptied: 57986 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53248 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3114885 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 50.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.19.0 log created on 06302012_194253
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...