
AdWare.Win32.Zwangi.v

Discussion in 'Virus & Other Malware Removal' started by SCAREFACE5, Jun 29, 2012.

  1. SCAREFACE5

    Avast found this during a complete scan and put it in chest: AdWare.Win32.Zwangi.v
    This is my first post in your forum and I would appreciate your help. Symptoms are slow computer, random freeze, pop-ups, strange behavior.


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) X2 Dual-Core QL-64, x64 Family 17 Model 3 Stepping 1
    Processor Count: 2
    RAM: 2813 Mb
    Graphics Card: ATI Radeon HD 3200 Graphics, 256 Mb
    Hard Drives: C: Total - 228472 MB, Free - 109687 MB;
    Motherboard: Acer, JV50PU
    Antivirus: avast! Antivirus, Updated and Enabled

    As requested in your instructions here are my logs

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:03:29 PM, on 6/29/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\PLFSetI.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\Dwm.exe
    C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Phil\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=2&barid={E151297C-482B-11E1-8880-001F16AAA148}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Search Image on TinEye - file://C:\Users\Phil\Documents\TinEye 1.0\TinEye.js
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\sdhelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://elklake.viewnetcam.com:50000/SysCamInst.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1ca66305065ca40) (gupdate1ca66305065ca40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 12255 bytes

    DDS.TXT

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Phil at 14:23:48 on 2012-06-29
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1584 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\PLFSetI.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sympatico.ca/defaultf.aspx
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
    mURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\users\phil\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Search Image on TinEye - file://c:\users\phil\documents\tineye 1.0\TinEye.js
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\sdhelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://elklake.viewnetcam.com:50000/SysCamInst.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{14D842BA-F967-4AB2-8F57-6CA2466D98EA} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{40BB3828-1431-4235-9BEA-51467DE7403D} : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-23 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-4 337880]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-4 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-4 57688]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-24 44768]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-8 653856]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 21504]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-10-9 2358656]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-8-8 22072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca66305065ca40;Google Update Service (gupdate1ca66305065ca40);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-2 257696]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
    S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-1-3 20328]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-16 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-8 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 133104]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-06-29 17:27:22 -------- d-----w- c:\users\phil\appdata\local\{E881403B-32D7-4069-B8F4-562E9C23ED74}
    2012-06-29 17:27:19 -------- d-----w- c:\users\phil\appdata\local\{BD6D1C2C-1A9E-4FD6-AB1D-2858D136C4A6}
    2012-06-29 15:45:06 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{55f3d795-0aac-42a9-a429-74da165954c0}\mpengine.dll
    2012-06-28 19:39:36 -------- d-----w- c:\users\phil\appdata\local\{CC1DCA66-39DF-41E2-89B5-E3C77C467661}
    2012-06-28 19:39:31 -------- d-----w- c:\users\phil\appdata\local\{F6DB95A5-009F-4DA9-BC5D-038000B14EBE}
    2012-06-28 15:05:58 -------- d-----w- c:\users\phil\appdata\local\{3EFD9FBA-3B4A-44EA-8ACD-6D415DD0D27B}
    2012-06-27 14:17:20 -------- d-----w- c:\users\phil\appdata\local\{B566A19E-DF32-4C4F-8379-503875FE69B7}
    2012-06-27 14:17:17 -------- d-----w- c:\users\phil\appdata\local\{41561D94-D9A4-4588-8329-E045D76461E8}
    2012-06-27 13:47:23 -------- d-----w- c:\program files\Oracle
    2012-06-27 13:46:34 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-26 15:52:15 -------- d-----w- c:\users\phil\appdata\roaming\Canneverbe Limited
    2012-06-26 15:52:15 -------- d-----w- c:\programdata\Canneverbe Limited
    2012-06-26 02:11:35 -------- d-----w- c:\users\phil\appdata\local\{35EE7985-A110-4400-95C5-918F22B89384}
    2012-06-26 02:11:33 -------- d-----w- c:\users\phil\appdata\local\{38F214B4-2A1F-4BD5-9351-B1C071217EAA}
    2012-06-26 01:47:02 -------- d-----w- c:\users\phil\appdata\local\{F412997C-9967-404F-9E69-5E8D056B9144}
    2012-06-25 17:33:01 -------- d-----w- c:\programdata\blekko toolbars
    2012-06-25 17:32:57 -------- d-----w- c:\program files\Yontoo
    2012-06-25 17:32:54 -------- d-----w- c:\program files\blekkotb_031
    2012-06-25 17:32:51 -------- d-----w- c:\programdata\Tarma Installer
    2012-06-25 17:32:50 -------- d-----w- c:\users\phil\appdata\local\blekkotb_031
    2012-06-25 17:32:46 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
    2012-06-21 13:44:19 -------- d-----w- c:\users\phil\appdata\local\{69B6C912-A0C6-4F03-AE9F-90ADA5A06222}
    2012-06-21 13:44:17 -------- d-----w- c:\users\phil\appdata\local\{2B574878-8717-4953-A324-EAA07A7B7380}
    2012-06-19 15:48:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 15:47:59 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 15:47:40 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 15:47:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-18 20:14:49 -------- d-----w- c:\users\phil\appdata\local\{C83A0BEE-02C5-4665-A9E2-8AC1D7E3BFB9}
    2012-06-18 20:14:45 -------- d-----w- c:\users\phil\appdata\local\{C0537E5C-8EF2-4EED-8E83-070BB5490768}
    2012-06-14 01:27:54 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 01:27:54 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 01:27:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 01:27:36 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 01:27:34 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 01:24:06 -------- d-----w- c:\users\phil\appdata\local\{25AFBE34-46A7-424B-B6F8-AFB54B4F49CD}
    2012-06-14 01:23:51 -------- d-----w- c:\users\phil\appdata\local\{979788EC-9B80-480C-93A0-347355E0F200}
    2012-06-13 00:20:48 -------- d-----w- c:\users\phil\appdata\local\{0F7BC9D3-C3DC-4B3E-B7EB-5DBDC2A46EAE}
    2012-06-13 00:20:45 -------- d-----w- c:\users\phil\appdata\local\{0D5B6DD9-918A-4CA5-B7AE-D87DD8E35917}
    2012-06-11 21:26:49 -------- d-----w- c:\users\phil\appdata\local\{1E5D2B47-C581-43F7-A62B-37724F5CF772}
    2012-06-11 21:26:44 -------- d-----w- c:\users\phil\appdata\local\{37E90820-F2DB-4279-A0FD-3E5C405BEC1B}
    2012-06-11 11:07:59 -------- d-----w- c:\users\phil\appdata\local\{2EA1DCC9-A4F5-475C-A1CE-BE8C3BA19BEC}
    2012-06-11 11:07:52 -------- d-----w- c:\users\phil\appdata\local\{6834FFBF-9007-445D-8C3A-2C266548D1E5}
    2012-06-10 20:22:46 -------- d-----w- c:\users\phil\appdata\local\{2FC1EA94-F4D4-419F-9959-730DCC1D5FC3}
    2012-06-10 20:22:43 -------- d-----w- c:\users\phil\appdata\local\{A1DA3AE3-ECF3-4CC3-9972-BEA273D5BB0C}
    2012-06-10 00:08:07 -------- d-----w- c:\users\phil\appdata\local\{394C5B99-3E31-46AA-82B2-B4F62C0FB92B}
    2012-06-10 00:07:59 -------- d-----w- c:\users\phil\appdata\local\{BA1E22E3-CD72-4BFD-BE17-3E650B79EC1F}
    2012-06-08 14:35:38 -------- d-----w- c:\users\phil\appdata\local\{0ED82A53-A434-4268-B8BF-75F8060A6CDB}
    2012-06-08 14:35:35 -------- d-----w- c:\users\phil\appdata\local\{0A99AF5A-A6C5-42E7-9A40-5D61E524FE63}
    2012-06-07 16:37:49 -------- d-----w- c:\users\phil\appdata\local\{BED26DE1-3A2F-4DB6-892E-1995A4D2D91D}
    2012-06-07 16:37:47 -------- d-----w- c:\users\phil\appdata\local\{640C698A-AC10-4CA3-AA1B-B1F0A847AB3A}
    2012-06-06 22:00:23 -------- d-----w- c:\users\phil\appdata\local\{37DEAF08-F2BD-41C0-A630-03AF1A1006E8}
    2012-06-06 22:00:22 -------- d-----w- c:\users\phil\appdata\local\{3A86F3F0-FD71-4F41-A38C-A6A64E1770F6}
    2012-06-04 15:08:57 -------- d-----w- c:\users\phil\appdata\local\{B9C94088-259F-45DA-B99B-0F3C40F027BC}
    2012-06-04 15:08:55 -------- d-----w- c:\users\phil\appdata\local\{5C3BF608-08F8-4C57-B724-52611D470167}
    2012-06-03 17:13:33 -------- d-----w- c:\users\phil\appdata\local\{BD6068D4-80C5-4E40-B6AE-8F254887C636}
    2012-06-03 17:13:31 -------- d-----w- c:\users\phil\appdata\local\{9326B342-E66B-4B32-A771-E9660715C409}
    2012-06-02 13:26:19 -------- d-----w- c:\users\phil\appdata\local\{E429902F-8BAD-421D-99E8-ACFEB4B98123}
    2012-06-02 13:26:16 -------- d-----w- c:\users\phil\appdata\local\{78B73113-A0E3-4572-BDA7-01B35B8DDCDC}
    2012-06-01 19:48:31 -------- d-----w- c:\users\phil\appdata\local\{C76FA1A4-314A-4D02-BABC-574817969919}
    2012-06-01 19:48:28 -------- d-----w- c:\users\phil\appdata\local\{0BA1AB8E-85D4-463B-968D-888D645208F5}
    2012-05-31 16:08:12 -------- d-----w- c:\users\phil\appdata\local\{C0610ABA-2E20-4B22-B2DD-3B4D635B548B}
    2012-05-31 16:08:09 -------- d-----w- c:\users\phil\appdata\local\{9817B92D-86F7-4226-AF9C-D7C4494F5860}
    .
    ==================== Find3M ====================
    .
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-05 20:57:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 20:57:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 23:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ============= FINISH: 14:26:01.47 ===============

    dds.att

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/8/2009 2:22:46 AM
    System Uptime: 6/29/2012 11:32:48 AM (3 hours ago)
    .
    Motherboard: Acer | | JV50PU
    Processor: AMD Athlon(tm) X2 Dual-Core QL-64 | Socket S1G2 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 107.126 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP799: 6/19/2012 11:47:09 AM - Windows Update
    RP800: 6/19/2012 12:01:35 PM - Windows Update
    RP801: 6/21/2012 4:31:39 PM - Scheduled Checkpoint
    RP802: 6/22/2012 12:11:10 PM - Scheduled Checkpoint
    RP803: 6/24/2012 9:39:47 AM - Scheduled Checkpoint
    RP804: 6/25/2012 3:35:25 PM - Scheduled Checkpoint
    RP805: 6/26/2012 9:31:48 AM - Windows Update
    RP806: 6/27/2012 9:44:52 AM - Installed Java(TM) 7 Update 5
    RP807: 6/27/2012 9:46:45 AM - Installed JavaFX 2.1.1
    RP808: 6/27/2012 9:57:58 AM - Removed QuickTime
    RP809: 6/28/2012 3:23:01 PM - Scheduled Checkpoint
    RP810: 6/29/2012 11:43:47 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acer Backup Manager
    Acer Crystal Eye webcam Ver:1.1.74.216
    Acer ePower Management
    Acer eRecovery Management
    Acer GridVista
    Acer Registration
    Acer ScreenSaver
    Acrobat.com
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader 9.5.1
    AMD USB Audio Driver Filter
    Anti-phishing Domain Advisor
    ATI Catalyst Install Manager
    Auslogics Disk Defrag
    avast! Free Antivirus
    Backup Manager Basic
    blekko search bar
    Broadcom Gigabit NetLink Controller
    Canon ScanGear Toolbox 3.1
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CDBurnerXP
    Chinese Simplified Fonts Support For Adobe Reader 9
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    D3DX10
    Elf 1.13 Toolbar
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPL Ghostscript 8.70
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    honestech VHS to DVD 5.0 Deluxe
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Inkscape 0.46
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Junk Mail filter update
    Launch Manager
    Luxor Deluxe
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office PowerPoint Viewer 2007 (French)
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    OGA Notifier 2.0.0048.0
    PC Wizard 2010.1.96
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Scan Manager 5.2
    Scribus 1.3.3.13
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Segoe UI
    Skype Click to Call
    Skype™ 5.5
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SUPERAntiSpyware
    SweetIM for Messenger 3.6
    SweetIM Toolbar for Internet Explorer 4.2
    Synaptics Pointing Device Driver
    TeamViewer 6
    TinEye Internet Explorer plugin 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    USB2.0 VIDBOX NW03
    VLC media player 1.1.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPatrol 2009
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    Yontoo 1.10.02
    Zylom Games Player Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/29/2012 11:34:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/29/2012 11:34:03 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/29/2012 1:49:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    6/26/2012 9:14:03 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0017C499B723. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    6/22/2012 9:08:28 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    .
    ==== End Of File ===========================

    GMER LOG

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-29 14:38:57
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005e WDC_WD25 rev.11.0
    Running: ezqscncu.exe; Driver: C:\Users\Phil\AppData\Local\Temp\kgldapod.sys

    ---- System - GMER 1.0.15 ----
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9087ED92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Run the following and post the logs please:

    Download OTL from any of the following links and save to your desktop.

    Link 1
    Link 2
    Link 3

    Double-click the icon to start the tool. (Note: If you are running Vista or Windows 7, accept the UAC alert.)

    • Please check the boxes next to "LOP check" and "Purity check"
    • Click Run Scan and let the program run uninterrupted.
    • When the scan is complete, two text files will be created on your Desktop.
    • OTL.Txt <- this one will be opened
    • Extras.txt <- this one will be minimized

    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

    Kevin.. :)
     
  3. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    kevinf80, thanks for your prompt response. Here are the logs.

    OTL logfile created on: 6/29/2012 4:38:33 PM - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Phil\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.44% Memory free
    5.72 Gb Paging File | 4.19 Gb Available in Paging File | 73.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.12 Gb Total Space | 107.11 Gb Free Space | 48.01% Space Free | Partition Type: NTFS

    Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/29 16:37:32 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Downloads\OTL.com
    PRC - [2012/06/28 19:31:18 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Phil\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2012/06/20 19:23:58 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2012/05/05 16:57:06 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    PRC - [2012/05/03 14:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    PRC - [2012/03/06 20:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2012/02/25 13:33:05 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2009/10/10 17:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/08/08 14:48:21 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/01 21:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/02/18 23:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2009/02/06 12:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/29 11:34:25 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/06/29 11:34:23 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/06/15 17:02:11 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
    MOD - [2012/06/14 08:29:15 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 08:29:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/11 09:37:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/11 09:36:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/11 09:36:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
    MOD - [2012/05/11 09:17:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/11 09:14:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/11 09:14:47 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/11/02 13:13:26 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/11/02 13:13:26 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2009/09/14 18:36:08 | 000,506,711 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2009/08/08 14:48:21 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2009/08/08 02:22:30 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3364.37101__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:30 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:30 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3364.37083__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:30 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:30 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3364.37160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:30 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3364.37091__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:30 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3364.37141__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3364.37092__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:29 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3364.37130__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3364.37092__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3364.37104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3364.37155__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:29 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3364.37180__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3364.37139__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:29 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3364.37147__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:29 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3364.37178__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3364.37107__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3364.37138__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:28 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2009/08/08 02:22:28 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3364.37108__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2009/08/08 02:22:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/08/08 02:22:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/08/08 02:22:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/08/08 02:22:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2009/08/08 02:22:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/08/08 02:22:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/08/08 02:22:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/08/08 02:22:27 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3364.37207__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
    MOD - [2009/08/08 02:22:27 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3364.37174__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/08/08 02:22:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3364.37172__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/08/08 02:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3364.37188__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/08/08 02:22:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/08/08 02:22:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
    MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/08/08 02:22:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/08/08 02:22:27 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    MOD - [2009/08/08 02:22:27 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
    MOD - [2009/08/08 02:22:27 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3364.37078__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/08/08 02:22:26 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3364.37087__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/08/08 02:22:26 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3364.37168__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2009/08/08 02:22:26 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/08/08 02:22:26 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3364.37080__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/08/08 02:22:26 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3364.37081__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2009/08/08 02:22:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3364.37080__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/08/08 02:22:26 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3364.37082__90ba9c70f846762e\CLI.Component.SkinFactory.dll
    MOD - [2009/08/08 02:22:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/08/08 02:22:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3364.37079__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/08/08 02:22:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/08/08 02:22:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/08/08 02:22:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/08/08 02:22:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3364.37173__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/08/08 02:22:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/08/08 02:22:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/08/08 02:22:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2009/03/18 23:16:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    MOD - [2009/01/26 14:56:58 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2003/06/07 17:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/05 16:57:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/06 20:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2009/04/01 21:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2009/02/06 12:07:06 | 000,653,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/01/16 14:53:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Phil\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Phil\AppData\Local\Temp\kgldapod.sys -- (kgldapod)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - [2012/03/06 20:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 20:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 20:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/03/06 20:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 20:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/03/06 20:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
    DRV - [2009/09/30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/03/19 00:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/02/20 22:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
    DRV - [2009/01/16 14:53:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/10/03 13:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/09/04 00:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/05/28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2007/06/22 18:59:24 | 000,479,232 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
    DRV - [2007/02/06 17:38:02 | 000,028,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/defaultf.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {54656EAD-A161-4E79-AA8F-7EEFF0BD6AA0}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348d...2B776DE1889308E875BB4FE8A0B9BC&q={searchTerms}
    IE - HKCU\..\SearchScopes\{54656EAD-A161-4E79-AA8F-7EEFF0BD6AA0}: "URL" = http://www.google.ca/search?q={sear...coding}&sourceid=ie7&rlz=1I7ACAW_enCA339CA340
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Blekko (Enabled)
    CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348d...2B776DE1889308E875BB4FE8A0B9BC&q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: Skype Click to Call = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Gmail = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/11 11:59:29 | 000,441,503 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 15177 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\sdhelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Search Image on TinEye - file://C:\Users\Phil\Documents\TinEye 1.0\TinEye.js File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\sdhelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://elklake.viewnetcam.com:50000/SysCamInst.cab (Panasonic Network Camera)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D842BA-F967-4AB2-8F57-6CA2466D98EA}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40BB3828-1431-4235-9BEA-51467DE7403D}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Phil\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Phil\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{9695b8c8-8685-11de-8058-001f16aaa148}\Shell - "" = AutoRun
    O33 - MountPoints2\{9695b8c8-8685-11de-8058-001f16aaa148}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/29 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{E881403B-32D7-4069-B8F4-562E9C23ED74}
    [2012/06/29 13:27:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BD6D1C2C-1A9E-4FD6-AB1D-2858D136C4A6}
    [2012/06/28 15:39:36 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{CC1DCA66-39DF-41E2-89B5-E3C77C467661}
    [2012/06/28 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{F6DB95A5-009F-4DA9-BC5D-038000B14EBE}
    [2012/06/28 11:05:58 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{3EFD9FBA-3B4A-44EA-8ACD-6D415DD0D27B}
    [2012/06/27 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{B566A19E-DF32-4C4F-8379-503875FE69B7}
    [2012/06/27 10:17:17 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{41561D94-D9A4-4588-8329-E045D76461E8}
    [2012/06/27 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/06/27 09:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/06/27 09:46:34 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/06/27 09:46:34 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/06/27 09:45:54 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/06/27 09:45:54 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/06/26 11:52:15 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Canneverbe Limited
    [2012/06/26 11:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
    [2012/06/26 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
    [2012/06/25 22:11:35 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{35EE7985-A110-4400-95C5-918F22B89384}
    [2012/06/25 22:11:33 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{38F214B4-2A1F-4BD5-9351-B1C071217EAA}
    [2012/06/25 21:47:02 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{F412997C-9967-404F-9E69-5E8D056B9144}
    [2012/06/25 13:49:14 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\dvdcss
    [2012/06/25 13:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2012/06/25 13:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
    [2012/06/25 13:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb_031
    [2012/06/25 13:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/06/25 13:32:50 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\blekkotb_031
    [2012/06/25 13:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
    [2012/06/21 09:44:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{69B6C912-A0C6-4F03-AE9F-90ADA5A06222}
    [2012/06/21 09:44:17 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{2B574878-8717-4953-A324-EAA07A7B7380}
    [2012/06/19 11:48:41 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/19 11:48:41 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/19 11:47:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012/06/19 11:47:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012/06/19 11:47:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012/06/19 11:47:40 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/19 11:47:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012/06/18 16:14:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C83A0BEE-02C5-4665-A9E2-8AC1D7E3BFB9}
    [2012/06/18 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C0537E5C-8EF2-4EED-8E83-070BB5490768}
    [2012/06/13 21:58:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/06/13 21:58:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/06/13 21:58:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/06/13 21:58:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/06/13 21:58:05 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/06/13 21:58:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/06/13 21:58:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/06/13 21:27:34 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/06/13 21:24:06 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{25AFBE34-46A7-424B-B6F8-AFB54B4F49CD}
    [2012/06/13 21:23:51 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{979788EC-9B80-480C-93A0-347355E0F200}
    [2012/06/12 20:20:48 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0F7BC9D3-C3DC-4B3E-B7EB-5DBDC2A46EAE}
    [2012/06/12 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0D5B6DD9-918A-4CA5-B7AE-D87DD8E35917}
    [2012/06/12 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/06/11 17:26:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{1E5D2B47-C581-43F7-A62B-37724F5CF772}
    [2012/06/11 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{37E90820-F2DB-4279-A0FD-3E5C405BEC1B}
    [2012/06/11 07:07:59 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{2EA1DCC9-A4F5-475C-A1CE-BE8C3BA19BEC}
    [2012/06/11 07:07:52 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{6834FFBF-9007-445D-8C3A-2C266548D1E5}
    [2012/06/10 16:22:46 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{2FC1EA94-F4D4-419F-9959-730DCC1D5FC3}
    [2012/06/10 16:22:43 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{A1DA3AE3-ECF3-4CC3-9972-BEA273D5BB0C}
    [2012/06/09 20:08:07 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{394C5B99-3E31-46AA-82B2-B4F62C0FB92B}
    [2012/06/09 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BA1E22E3-CD72-4BFD-BE17-3E650B79EC1F}
    [2012/06/08 10:35:38 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0ED82A53-A434-4268-B8BF-75F8060A6CDB}
    [2012/06/08 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0A99AF5A-A6C5-42E7-9A40-5D61E524FE63}
    [2012/06/07 12:37:49 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BED26DE1-3A2F-4DB6-892E-1995A4D2D91D}
    [2012/06/07 12:37:47 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{640C698A-AC10-4CA3-AA1B-B1F0A847AB3A}
    [2012/06/06 18:00:23 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{37DEAF08-F2BD-41C0-A630-03AF1A1006E8}
    [2012/06/06 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{3A86F3F0-FD71-4F41-A38C-A6A64E1770F6}
    [2012/06/04 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{B9C94088-259F-45DA-B99B-0F3C40F027BC}
    [2012/06/04 11:08:55 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{5C3BF608-08F8-4C57-B724-52611D470167}
    [2012/06/03 13:13:33 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{BD6068D4-80C5-4E40-B6AE-8F254887C636}
    [2012/06/03 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{9326B342-E66B-4B32-A771-E9660715C409}
    [2012/06/02 09:26:19 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{E429902F-8BAD-421D-99E8-ACFEB4B98123}
    [2012/06/02 09:26:16 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{78B73113-A0E3-4572-BDA7-01B35B8DDCDC}
    [2012/06/01 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C76FA1A4-314A-4D02-BABC-574817969919}
    [2012/06/01 15:48:28 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{0BA1AB8E-85D4-463B-968D-888D645208F5}
    [2012/05/31 12:08:12 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{C0610ABA-2E20-4B22-B2DD-3B4D635B548B}
    [2012/05/31 12:08:09 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{9817B92D-86F7-4226-AF9C-D7C4494F5860}
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/29 16:37:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/29 16:18:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
    [2012/06/29 16:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/29 15:36:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/29 15:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/29 15:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/29 14:00:45 | 000,002,521 | ---- | M] () -- C:\Users\Phil\Desktop\HiJackThis.lnk
    [2012/06/29 11:33:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/29 11:33:09 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 22:48:57 | 000,157,696 | ---- | M] () -- C:\Users\Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/28 17:18:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
    [2012/06/27 09:45:35 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/06/27 09:45:35 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/06/26 12:28:38 | 000,001,723 | ---- | M] () -- C:\Users\Phil\Documents\Mes souvenirs (GRAVURE EXTRA).dxp
    [2012/06/26 11:52:00 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
    [2012/06/25 16:34:55 | 3567,321,088 | ---- | M] () -- C:\Users\Phil\Documents\VHS to DVD.iso
    [2012/06/21 09:02:42 | 000,001,356 | ---- | M] () -- C:\Users\Phil\AppData\Local\d3d9caps.dat
    [2012/06/14 08:24:20 | 000,294,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/13 22:07:11 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/13 22:07:11 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/06/13 07:28:40 | 000,001,383 | ---- | M] () -- C:\Users\Phil\Desktop\Google Chrome - Shortcut.lnk
    [2012/06/11 16:05:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/10 22:40:27 | 000,025,552 | ---- | M] () -- C:\Users\Phil\Documents\cc_20120610_224019.reg
    [2012/06/06 17:35:21 | 000,000,218 | ---- | M] () -- C:\Users\Phil\.recently-used.xbel
    [2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012/06/01 16:15:54 | 000,002,643 | ---- | M] () -- C:\Users\Phil\Documents\Base du mur de brique a reparer(1).lnk
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/26 12:28:37 | 000,001,723 | ---- | C] () -- C:\Users\Phil\Documents\Mes souvenirs (GRAVURE EXTRA).dxp
    [2012/06/26 11:52:00 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
    [2012/06/26 11:52:00 | 000,001,688 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    [2012/06/25 16:31:49 | 3567,321,088 | ---- | C] () -- C:\Users\Phil\Documents\VHS to DVD.iso
    [2012/06/13 07:28:40 | 000,001,383 | ---- | C] () -- C:\Users\Phil\Desktop\Google Chrome - Shortcut.lnk
    [2012/06/12 20:07:42 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
    [2012/06/12 20:07:41 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
    [2012/06/10 22:40:22 | 000,025,552 | ---- | C] () -- C:\Users\Phil\Documents\cc_20120610_224019.reg
    [2012/06/06 17:35:21 | 000,000,218 | ---- | C] () -- C:\Users\Phil\.recently-used.xbel
    [2012/06/01 16:22:57 | 000,002,643 | ---- | C] () -- C:\Users\Phil\Documents\Base du mur de brique a reparer(1).lnk
    [2012/02/11 12:33:21 | 000,000,109 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/10/20 10:36:06 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{365354EA-B50B-4FBC-B8DA-741C69AD9959}
    [2011/10/20 10:34:07 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{07CDB7FF-0FA0-4CA5-830D-0A2233F6A134}
    [2011/10/19 09:45:30 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{AFA8D902-5D60-44CD-8148-1F31A80D35A1}
    [2011/10/19 09:43:30 | 000,000,000 | ---- | C] () -- C:\Users\Phil\AppData\Local\{53417C61-8AE2-4874-9F5F-A034279B8067}
    [2011/03/10 17:34:19 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2011/02/11 15:15:03 | 000,008,575 | ---- | C] () -- C:\Windows\System32\D125UFW.INI

    ========== LOP Check ==========

    [2010/03/02 12:15:50 | 000,000,000 | -HSD | M] -- C:\Users\Phil\AppData\Roaming\.#
    [2009/08/08 15:07:49 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Acer
    [2009/03/10 19:11:17 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Acer GameZone Console
    [2011/01/29 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Auslogics
    [2012/01/20 15:28:46 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Babylon
    [2012/06/26 11:52:15 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Canneverbe Limited
    [2012/06/28 16:27:40 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Canon
    [2011/12/29 12:19:08 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/08/17 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\eSobi
    [2009/12/25 00:02:42 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\GARMIN
    [2012/06/06 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\gtk-2.0
    [2009/11/12 12:03:48 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Inkscape
    [2011/03/14 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\iWin
    [2009/08/19 21:01:23 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\PlayFirst
    [2010/02/21 15:12:56 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\SoftDMA
    [2011/01/11 14:53:12 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\TeamViewer
    [2009/12/27 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\vghd
    [2010/10/27 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Windows Live Writer
    [2009/10/12 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\WinPatrol
    [2009/11/21 18:29:50 | 000,000,000 | ---D | M] -- C:\Users\Phil\AppData\Roaming\Zylom
    [2012/06/28 22:59:39 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:DCAF903C
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B203B914
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:131C0EE9
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BB24555F
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:B623B5B8
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CDFF58FE
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:9E22BBE8
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:4F636E25
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:CE0A077E
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73
    < End of report >

    Extras.txt

    OTL Extras logfile created on: 6/29/2012 4:38:33 PM - Run 1
    OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Phil\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.44% Memory free
    5.72 Gb Paging File | 4.19 Gb Available in Paging File | 73.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.12 Gb Total Space | 107.11 Gb Free Space | 48.01% Space Free | Partition Type: NTFS

    Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3FF2E6DE-DCF5-49C4-B5C7-B889FC7B3184}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7E14CEDC-3630-4628-A0E7-A1FDBF1E7187}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{9F79B550-88EB-4B06-B8F9-54949A47D12E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D9BD4C74-881A-4E84-8D01-E00E64838BB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{147DB11A-C89B-4177-B961-E82EDADC60EB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{1EF24757-9A3B-4EEE-B6E1-ECF19CAF0AA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{33DF161A-B6B7-4BD5-9623-4463E9A4FF12}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{521715EA-F444-45B4-BC7F-5C573B2254E7}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{59F2996D-918C-4F50-90BE-73F25CEC9A3B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{5AB1E77D-BF2A-4BD3-A28F-86EC236BBAA8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{5C6AFF0F-8709-47FB-8D1A-C532F1D8F327}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{83F61862-263A-48AA-B222-AF051374B8F9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "{A5AB86D5-46A8-440B-B80A-64998C1264E5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{B6966198-6324-4B7D-9377-545DDA34F3F0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
    "{CD58066D-1BB8-4CB1-9ADB-679315F6B029}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E9AC64B3-DE72-497A-9BD3-37148530301F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
    "TCP Query User{2C801EDD-FAAD-4318-B199-E5BB76EAC64A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{EFBA8E87-C7A4-4DDE-80D5-EBE0BD7D7C22}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{082EF4D3-37D3-2ABE-8108-95B605157DBC}" = Catalyst Control Center Localization All
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F727AEE-3992-AAD9-E8A7-560BF4F92999}" = CCC Help Chinese Standard
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{31AC282F-3EF7-B239-9BBA-DB606B248F2A}" = CCC Help Spanish
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33FA7D12-4740-D665-D17C-F5F25EA6EEA6}" = CCC Help Portuguese
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3F5677C0-9871-0BEF-12DD-9E157C1ABA2E}" = CCC Help Dutch
    "{44FF002B-5AB3-4447-8F98-614387B63EE6}" = honestech VHS to DVD 5.0 Deluxe
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AEAC717-86F8-DE21-3933-8E4377797AEF}" = CCC Help Japanese
    "{52BF91FE-7B2F-E26C-7A78-42C056B4461C}" = ccc-utility
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5BF3F950-BDAF-C801-0BE4-6319CB412F9D}" = Catalyst Control Center InstallProxy
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5FC61CFC-1CAA-7650-2755-721FFD78F8D4}" = CCC Help Swedish
    "{61C770D4-6F09-52EA-5C84-FF58F324B62B}" = CCC Help Czech
    "{63617A9B-A0EE-319B-2478-16CCDA8C945C}" = Catalyst Control Center Graphics Light
    "{65EBA8F2-A7A0-E1A8-0986-BADCE1694362}" = Catalyst Control Center Core Implementation
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}" = ATI Catalyst Install Manager
    "{6D9D1582-2E8C-491B-C337-63B6810A4426}" = CCC Help Finnish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77411C79-3B2E-342F-D803-AB964746CE1D}" = CCC Help Italian
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7A745642-3020-E403-B67A-C19BF008687A}" = CCC Help Turkish
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{877D85BD-71AA-4BC0-5314-03B8D15F95A9}" = Catalyst Control Center Graphics Full Existing
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B542C2E-D2AC-4460-B9F2-BA5A907A544F}" = honestech VHS to DVD 5.0 Deluxe
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}" = Catalyst Control Center - Branding
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
    "{9B8ACEA2-BA21-4A91-A950-144FED3ED133}" = TinEye Internet Explorer plugin 1.0
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A5AC5F3C-9C4B-136A-5A21-5ADFF12B9657}" = ccc-core-static
    "{A6F8719C-479C-4656-BFF7-393584B2034A}" = CCC Help German
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
    "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D73C82-714E-1E99-2A85-43E649F51F18}" = Catalyst Control Center Graphics Full New
    "{B7C690A8-80D8-D09B-B35F-1201AA6B6FDE}" = CCC Help French
    "{B8BE463A-E21C-8E7E-399D-CC9724283682}" = CCC Help Polish
    "{B9587DFD-225C-1B2B-4FA1-E27768140EFC}" = CCC Help Russian
    "{BB50C649-9BB5-BF21-E8C1-0CFFE263C866}" = CCC Help Chinese Traditional
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CBD9E015-4A3C-A3DF-6FCF-C636251DF0C8}" = CCC Help Greek
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
    "{D0F0DEFD-538E-8B1C-A2B7-12FB5135BA21}" = CCC Help Danish
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6E5E642-5975-C402-5EDC-181E0AAD10ED}" = CCC Help Korean
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
    "{E12E7096-E796-BB35-02BD-C7720978E481}" = CCC Help English
    "{E48A7361-D746-8706-5221-F49A207A6DD8}" = CCC Help Thai
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{ECF195B6-D7F0-B206-7A04-9F83284E9412}" = CCC Help Hungarian
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE3455C6-26CE-71F7-FC1B-7405C83451B7}" = CCC Help Norwegian
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "avast" = avast! Free Antivirus
    "blekkotb_031" = blekko search bar
    "Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "conduitEngine" = Conduit Engine
    "Elf_1.13 Toolbar" = Elf 1.13 Toolbar
    "Google Desktop" = Google Desktop
    "GPL Ghostscript 8.70" = GPL Ghostscript 8.70
    "GridVista" = Acer GridVista
    "Inkscape" = Inkscape 0.46
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC Wizard 2010_is1" = PC Wizard 2010.1.96
    "Scribus 1.3.3.13" = Scribus 1.3.3.13
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 6" = TeamViewer 6
    "VLC media player" = VLC media player 1.1.5
    "WinLiveSuite" = Windows Live Essentials
    "WinPatrol" = WinPatrol 2009
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "Zylom Games Player Plugin" = Zylom Games Player Plugin

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Luxor Deluxe" = Luxor Deluxe

    ========== Last 20 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/12/2009 2:54:34 PM | Computer Name = Phil-PC | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 5/26/2011 10:06:05 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/27/2011 9:55:03 AM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/27/2011 9:56:03 AM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/28/2011 11:52:20 AM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/28/2011 10:43:41 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/29/2011 9:35:07 AM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/29/2011 10:58:54 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/29/2011 10:58:54 PM | Computer Name = Phil-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/29/2011 11:00:47 PM | Computer Name = Phil-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 5/30/2011 1:02:22 PM | Computer Name = Phil-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 6/28/2012 1:23:11 PM | Computer Name = Phil-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 6/28/2012 5:04:57 PM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/28/2012 5:57:45 PM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/28/2012 5:58:15 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/28/2012 7:31:20 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/28/2012 9:30:52 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/28/2012 10:49:12 PM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/29/2012 11:34:03 AM | Computer Name = Phil-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 6/29/2012 11:34:36 AM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.101 for the Network Card with network
    address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/29/2012 1:49:41 PM | Computer Name = Phil-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 0017C499B723 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Thanks for the logs, run the following please :-

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  5. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    Combofix log

    ComboFix 12-06-28.03 - Phil 06/29/2012 19:20:30.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1464 [GMT -4:00]
    Running from: c:\users\Phil\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Phil\AppData\Roaming\.#
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 23:29 . 2012-06-29 23:29 -------- d-----w- c:\users\Phil\AppData\Local\temp
    2012-06-29 23:29 . 2012-06-29 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-29 15:45 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55F3D795-0AAC-42A9-A429-74DA165954C0}\mpengine.dll
    2012-06-27 13:52 . 2012-06-27 13:52 -------- d-----w- c:\program files\Common Files\Java
    2012-06-27 13:47 . 2012-06-27 13:47 -------- d-----w- c:\program files\Oracle
    2012-06-27 13:46 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\users\Phil\AppData\Roaming\Canneverbe Limited
    2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\programdata\Canneverbe Limited
    2012-06-26 15:51 . 2012-06-26 15:52 -------- d-----w- c:\program files\CDBurnerXP
    2012-06-25 17:49 . 2012-06-25 17:49 -------- d-----w- c:\users\Phil\AppData\Roaming\dvdcss
    2012-06-25 17:33 . 2012-06-25 17:33 -------- d-----w- c:\programdata\blekko toolbars
    2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\program files\Yontoo
    2012-06-25 17:32 . 2012-06-25 17:33 -------- d-----w- c:\program files\blekkotb_031
    2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\programdata\Tarma Installer
    2012-06-25 17:32 . 2012-06-25 17:33 -------- d-----w- c:\users\Phil\AppData\Local\blekkotb_031
    2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
    2012-06-19 15:48 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 15:48 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 15:48 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 15:48 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 15:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 15:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 15:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 15:47 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 15:47 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 01:27 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 01:27 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 01:27 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 01:27 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 01:27 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 20:57 . 2012-05-02 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 20:57 . 2011-05-17 15:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-04 23:29 . 2010-06-02 00:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 19:56 . 2010-11-16 20:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16 . 2012-05-10 18:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-10 18:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
    2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Elf_1.13\prxtbElf0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    "{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
    .
    [HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B80F591E-FE9A-46CF-A13E-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-08 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-02 249600]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-08 30192]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-08 200704]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
    2009-02-06 16:07 686624 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - KGLDAPOD
    *Deregistered* - kgldapod
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 20:57]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
    - c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
    - c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sympatico.ca/defaultf.aspx
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Search Image on TinEye - file://c:\users\Phil\Documents\TinEye 1.0\TinEye.js
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://elklake.viewnetcam.com:50000/SysCamInst.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-ArcadeDeluxeAgent - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    MSConfigStartUp-CLMLServer - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    MSConfigStartUp-PlayMovie - c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-29 19:29
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5728)
    c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
    .
    Completion time: 2012-06-29 19:31:48
    ComboFix-quarantined-files.txt 2012-06-29 23:31
    .
    Pre-Run: 114,822,848,512 bytes free
    Post-Run: 114,715,648,000 bytes free
    .
    - - End Of File - - E868E479E3E2576517EF9D7C42C58682
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Thanks for the log, do the following please:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    Folder::
    c:\programdata\blekko toolbars
    c:\program files\Yontoo
    c:\program files\blekkotb_031
    c:\programdata\Tarma Installer
    c:\users\Phil\AppData\Local\blekkotb_031
    c:\program files\Elf_1.13
    c:\program files\ConduitEngine
    c:\program files\blekkotb_031
    File::
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b80f591e-fe9a-46cf-a13e-180377240586}"=-
    [-HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b80f591e-fe9a-46cf-a13e-180377240586}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    "{8769adce-dba5-48e9-afb5-67b12cdf2e61}"=-
    [-HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    [-HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B80F591E-FE9A-46CF-A13E-180377240586}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see those two logs...

    Kevin
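
How the Internet Explorer add-on entries in the ComboFix log from post 5 line up with the CLSIDs and folders targeted by the CFScript above, shown as an added Python example that is not part of the original thread. The function names are hypothetical, and the sample text is an excerpt of that log plus one non-browser key to show what gets filtered out.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the "Reg Loading Points" section of the ComboFix log in post 5.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Elf_1.13\prxtbElf0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B80F591E-FE9A-46CF-A13E-180377240586}"= "c:\program files\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
'''

CLSID = r'\{[0-9A-Fa-f-]{36}\}'
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "{clsid}"= "path" [date size]   (value listed under a load-point key)
VALUE_RE = re.compile(r'^"(?P<clsid>' + CLSID + r')"=\s*"(?P<path>[^"]+)"')
# date time size attrs path       (file line listed under a ...\{clsid} key)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>[A-Za-z]:\\.+)$')
CLSID_KEY_RE = re.compile(r'\\(' + CLSID + r')$')

# Registry locations through which Internet Explorer loads add-ons.
IE_MARKERS = (
    '\\internet explorer\\urlsearchhooks',
    '\\browser helper objects',
    '\\internet explorer\\toolbar',
)


def ie_addon_load_points(log_text):
    """Map each add-on CLSID to its DLL and the IE load points that reference it."""
    addons = defaultdict(lambda: {"dll": None, "keys": []})
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        # Ignore everything that is not under an IE add-on load point.
        if key is None or not any(mk in key.lower() for mk in IE_MARKERS):
            continue
        v = VALUE_RE.match(line)
        if v:
            clsid, path, where = v.group("clsid"), v.group("path"), key
        else:
            f, k = FILE_RE.match(line), CLSID_KEY_RE.search(key)
            if not (f and k):
                continue
            clsid, path, where = k.group(1), f.group("path"), key[:k.start()]
        entry = addons[clsid.upper()]  # the log mixes upper and lower case CLSIDs
        entry["dll"] = path
        if where not in entry["keys"]:
            entry["keys"].append(where)
    return dict(addons)


def addon_folders(addons):
    """Install folders behind the add-ons, lower-cased and de-duplicated."""
    return sorted({ntpath.dirname(a["dll"]).lower() for a in addons.values()})


if __name__ == "__main__":
    found = ie_addon_load_points(SAMPLE_LOG)
    for clsid, info in sorted(found.items()):
        print(clsid, info["dll"])
        for where in info["keys"]:
            print("    ", where)
    print(addon_folders(found))
```

Three CLSIDs resolve to three toolbar folders, which are the ones named in the `Folder::` and `Registry::` sections of the CFScript; the SUPERAntiSpyware shell hook and the Run entry are ignored because they are not browser load points.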
     
  7. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    kevinf80
    Will post your request ASAP, as I need help from a friend. Thanks for your help and patience.
     
  8. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    Kevinf80
    I'm having trouble with ComboFix. I downloaded it to the Desktop OK.
    The script in Notepad went to the Desktop OK.
    When I try to merge, the following message appears:
    "THE directory name is invalid". C:\Users\Phil\Desktop\ComboFix.exe
    Both Combo and script have the same paths. Would appreciate your directives.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    When you copied the script to Notepad, did you save it as CFScript.txt, also with file type All Files? If you did that, the location has to be the same, both on the Desktop, but because the names are different it should work when you drag/drop the script into the Cat.... Check the name of the script....
     
  10. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    Finally! A simple reboot did the trick. Here's the log; ESET will be coming up.

    ComboFix 12-06-28.03 - Phil 06/30/2012 15:17:38.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1951 [GMT -4:00]
    Running from: c:\users\Phil\Desktop\ComboFix.exe
    Command switches used :: c:\users\Phil\Desktop\CFScript.txt
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\blekkotb_031
    c:\program files\blekkotb_031\blekkotb_019.dll
    c:\program files\blekkotb_031\blekkotb_019X.dll
    c:\program files\blekkotb_031\chrome\content\custom.js
    c:\program files\blekkotb_031\chrome\content\lib\about.xml
    c:\program files\blekkotb_031\chrome\content\lib\dtxpanel.xul
    c:\program files\blekkotb_031\chrome\content\lib\dtxpaneltransparent.xul
    c:\program files\blekkotb_031\chrome\content\lib\dtxpanelwin.xul
    c:\program files\blekkotb_031\chrome\content\lib\dtxprefwin.xul
    c:\program files\blekkotb_031\chrome\content\lib\dtxtransparentwin.xul
    c:\program files\blekkotb_031\chrome\content\lib\dtxwin.xul
    c:\program files\blekkotb_031\chrome\content\lib\emailnotifierproviders.xml
    c:\program files\blekkotb_031\chrome\content\lib\external.js
    c:\program files\blekkotb_031\chrome\content\lib\neterror.xhtml
    c:\program files\blekkotb_031\chrome\content\lib\rsspreview.html
    c:\program files\blekkotb_031\chrome\content\lib\rsswin.xml
    c:\program files\blekkotb_031\chrome\content\lib\rsswin.xsl
    c:\program files\blekkotb_031\chrome\content\lib\vmncode.js
    c:\program files\blekkotb_031\chrome\content\lib\wmpstreamer.html
    c:\program files\blekkotb_031\chrome\content\modules\datastore.jsm
    c:\program files\blekkotb_031\chrome\content\modules\nsDragAndDrop.js
    c:\program files\blekkotb_031\chrome\content\neterror.xhtml
    c:\program files\blekkotb_031\chrome\content\newtab\images\btn_search.gif
    c:\program files\blekkotb_031\chrome\content\newtab\images\bullet.gif
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\program files\blekkotb_031\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-highrisk-user.gif
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-highrisk.gif
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-lowrisk.gif
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-norating.gif
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-verified-user.gif
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-verified.gif
    c:\program files\blekkotb_031\chrome\skin\lib\websiteinspector-verifying.gif
    c:\program files\blekkotb_031\chrome\skin\lib\yahoo.png
    c:\program files\blekkotb_031\chrome\skin\lichen.gif
    c:\program files\blekkotb_031\chrome\skin\local-deals-hover.png
    c:\program files\blekkotb_031\chrome\skin\local-deals.png
    c:\program files\blekkotb_031\chrome\skin\logo-about.png
    c:\program files\blekkotb_031\chrome\skin\logo-over.png
    c:\program files\blekkotb_031\chrome\skin\logo-separator.png
    c:\program files\blekkotb_031\chrome\skin\logo.png
    c:\program files\blekkotb_031\chrome\skin\mail-blekko-hover.png
    c:\program files\blekkotb_031\chrome\skin\mail-blekko-new-hover.png
    c:\program files\blekkotb_031\chrome\skin\mail-blekko-new.png
    c:\program files\blekkotb_031\chrome\skin\mail-blekko.png
    c:\program files\blekkotb_031\chrome\skin\mail-hover.png
    c:\program files\blekkotb_031\chrome\skin\mail.png
    c:\program files\blekkotb_031\chrome\skin\menuseparatorback.gif
    c:\program files\blekkotb_031\chrome\skin\modify-save.png
    c:\program files\blekkotb_031\chrome\skin\modify.png
    c:\program files\blekkotb_031\chrome\skin\modifyhot.png
    c:\program files\blekkotb_031\chrome\skin\music.png
    c:\program files\blekkotb_031\chrome\skin\myspace.png
    c:\program files\blekkotb_031\chrome\skin\namespacetoolbar.css
    c:\program files\blekkotb_031\chrome\skin\news.png
    c:\program files\blekkotb_031\chrome\skin\options-main.png
    c:\program files\blekkotb_031\chrome\skin\options-search.png
    c:\program files\blekkotb_031\chrome\skin\options\options-main.png
    c:\program files\blekkotb_031\chrome\skin\options\options-search.png
    c:\program files\blekkotb_031\chrome\skin\options\options-weather.gif
    c:\program files\blekkotb_031\chrome\skin\options\options-weather.png
    c:\program files\blekkotb_031\chrome\skin\options\options-widgets.png
    c:\program files\blekkotb_031\chrome\skin\orange.gif
    c:\program files\blekkotb_031\chrome\skin\p_yahoo.png
    c:\program files\blekkotb_031\chrome\skin\pixsy.png
    c:\program files\blekkotb_031\chrome\skin\ppcbully.png
    c:\program files\blekkotb_031\chrome\skin\protect-id.png
    c:\program files\blekkotb_031\chrome\skin\relatedlinks.png
    c:\program files\blekkotb_031\chrome\skin\rss-collapse.png
    c:\program files\blekkotb_031\chrome\skin\rss-delete.png
    c:\program files\blekkotb_031\chrome\skin\rss-expand.png
    c:\program files\blekkotb_031\chrome\skin\rss-feed.png
    c:\program files\blekkotb_031\chrome\skin\rss-folder-remove.png
    c:\program files\blekkotb_031\chrome\skin\rss-folder-rename.png
    c:\program files\blekkotb_031\chrome\skin\rss-folder.png
    c:\program files\blekkotb_031\chrome\skin\rss-found.png
    c:\program files\blekkotb_031\chrome\skin\rss-reload.png
    c:\program files\blekkotb_031\chrome\skin\rss-subscribe.png
    c:\program files\blekkotb_031\chrome\skin\rss.png
    c:\program files\blekkotb_031\chrome\skin\rssback.gif
    c:\program files\blekkotb_031\chrome\skin\rsstopback.gif
    c:\program files\blekkotb_031\chrome\skin\search-over.png
    c:\program files\blekkotb_031\chrome\skin\search.png
    c:\program files\blekkotb_031\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files\blekkotb_031\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files\blekkotb_031\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files\blekkotb_031\chrome\skin\settings.png
    c:\program files\blekkotb_031\chrome\skin\shopping.png
    c:\program files\blekkotb_031\chrome\skin\siteinfo.png
    c:\program files\blekkotb_031\chrome\skin\skin-bluelite.png
    c:\program files\blekkotb_031\chrome\skin\skin-bluesky.png
    c:\program files\blekkotb_031\chrome\skin\skin-grey.png
    c:\program files\blekkotb_031\chrome\skin\skin-lichen.png
    c:\program files\blekkotb_031\chrome\skin\skin-orange.png
    c:\program files\blekkotb_031\chrome\skin\skin-yellow.png
    c:\program files\blekkotb_031\chrome\skin\skin.xml
    c:\program files\blekkotb_031\chrome\skin\social_delicious.png
    c:\program files\blekkotb_031\chrome\skin\social_stumbleupon.png
    c:\program files\blekkotb_031\chrome\skin\technorati.png
    c:\program files\blekkotb_031\chrome\skin\throbber.gif
    c:\program files\blekkotb_031\chrome\skin\toolbarsplitter.png
    c:\program files\blekkotb_031\chrome\skin\translate.png
    c:\program files\blekkotb_031\chrome\skin\TRUSTe_about.png
    c:\program files\blekkotb_031\chrome\skin\twitter-blekko-hover.png
    c:\program files\blekkotb_031\chrome\skin\twitter-blekko.png
    c:\program files\blekkotb_031\chrome\skin\twitter-hover.png
    c:\program files\blekkotb_031\chrome\skin\twitter.png
    c:\program files\blekkotb_031\chrome\skin\vmn.css
    c:\program files\blekkotb_031\chrome\skin\vmn.png
    c:\program files\blekkotb_031\chrome\skin\web.png
    c:\program files\blekkotb_031\chrome\skin\websearch.png
    c:\program files\blekkotb_031\chrome\skin\wikipedia.png
    c:\program files\blekkotb_031\chrome\skin\yahoosearch.png
    c:\program files\blekkotb_031\chrome\skin\yellow.gif
    c:\program files\blekkotb_031\chrome\skin\youtube.png
    c:\program files\blekkotb_031\chrome\skin\zoom.png
    c:\program files\blekkotb_031\components\windowmediator.js
    c:\program files\blekkotb_031\dtuser.exe
    c:\program files\blekkotb_031\install.ico
    c:\program files\blekkotb_031\manifest.xml
    c:\program files\blekkotb_031\search.ico
    c:\program files\blekkotb_031\toolbar.xml
    c:\program files\blekkotb_031\uninstall.exe
    c:\program files\ConduitEngine
    c:\program files\ConduitEngine\appContextMenu.xml
    c:\program files\ConduitEngine\ConduitEngine.dll
    c:\program files\ConduitEngine\ConduitEngineHelper.exe
    c:\program files\ConduitEngine\ConduitEngineUninstall.exe
    c:\program files\ConduitEngine\engineContextMenu.xml
    c:\program files\ConduitEngine\EngineSettings.json
    c:\program files\ConduitEngine\INSTALL.LOG
    c:\program files\ConduitEngine\prxConduitEngine.dll
    c:\program files\ConduitEngine\toolbar.cfg
    c:\program files\Elf_1.13
    c:\program files\Elf_1.13\Elf_1.13ToolbarHelper.exe
    c:\program files\Elf_1.13\Elf_1.13ToolbarHelper1.exe
    c:\program files\Elf_1.13\GottenAppsContextMenu.xml
    c:\program files\Elf_1.13\INSTALL.LOG
    c:\program files\Elf_1.13\OtherAppsContextMenu.xml
    c:\program files\Elf_1.13\prxtbElf0.dll
    c:\program files\Elf_1.13\SharedAppsContextMenu.xml
    c:\program files\Elf_1.13\tbElf_.dll
    c:\program files\Elf_1.13\tbElf0.dll
    c:\program files\Elf_1.13\tbElf1.dll
    c:\program files\Elf_1.13\toolbar.cfg
    c:\program files\Elf_1.13\ToolbarContextMenu.xml
    c:\program files\Elf_1.13\uninstall.exe
    c:\program files\Elf_1.13\UNWISE.EXE
    c:\program files\Yontoo
    c:\program files\Yontoo\YontooIEClient.dll
    c:\programdata\blekko toolbars
    c:\programdata\blekko toolbars\toolbar.txt
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll
    c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll
    c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.dat
    c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe
    c:\programdata\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico
    c:\users\Phil\AppData\Local\blekkotb_031
    c:\users\Phil\AppData\Local\blekkotb_031\catalog.list
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-30 19:29 . 2012-06-30 19:29 -------- d-----w- c:\users\Phil\AppData\Local\blekkotb_031
    2012-06-30 19:28 . 2012-06-30 19:29 -------- d-----w- c:\users\Phil\AppData\Local\temp
    2012-06-30 19:28 . 2012-06-30 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-29 15:45 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55F3D795-0AAC-42A9-A429-74DA165954C0}\mpengine.dll
    2012-06-27 13:52 . 2012-06-27 13:52 -------- d-----w- c:\program files\Common Files\Java
    2012-06-27 13:47 . 2012-06-27 13:47 -------- d-----w- c:\program files\Oracle
    2012-06-27 13:46 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\users\Phil\AppData\Roaming\Canneverbe Limited
    2012-06-26 15:52 . 2012-06-26 15:52 -------- d-----w- c:\programdata\Canneverbe Limited
    2012-06-26 15:51 . 2012-06-26 15:52 -------- d-----w- c:\program files\CDBurnerXP
    2012-06-25 17:49 . 2012-06-25 17:49 -------- d-----w- c:\users\Phil\AppData\Roaming\dvdcss
    2012-06-25 17:32 . 2012-06-25 17:32 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
    2012-06-19 15:48 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 15:48 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 15:48 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 15:48 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 15:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 15:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 15:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 15:47 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 15:47 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 01:27 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 01:27 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 01:27 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 01:27 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-14 01:27 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 20:57 . 2012-05-02 13:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 20:57 . 2011-05-17 15:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-04 23:29 . 2010-06-02 00:13 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 19:56 . 2010-11-16 20:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-03 08:16 . 2012-05-10 18:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-10 18:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-08 68856]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-02 249600]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-08 30192]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2009-08-08 200704]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
    2009-02-06 16:07 686624 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-11-26 18:21 3387392 ----a-w- c:\program files\Acer\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 20:57]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:14]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000Core.job
    - c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
    .
    2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820552551-3219308499-3261675547-1000UA.job
    - c:\users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 21:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sympatico.ca/defaultf.aspx
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0809&m=aspire_5536
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Search Image on TinEye - file://c:\users\Phil\Documents\TinEye 1.0\TinEye.js
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - hxxp://elklake.viewnetcam.com:50000/SysCamInst.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-blekkotb_031 - c:\program files\blekkotb_031\uninstall.exe
    AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
    AddRemove-Elf_1.13 Toolbar - c:\program files\Elf_1.13\uninstall.exe
    AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3148)
    c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
    c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\users\Phil\AppData\Local\Temp\RtkBtMnt.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-30 15:35:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-30 19:35
    ComboFix2.txt 2012-06-30 15:24
    ComboFix3.txt 2012-06-29 23:31
    .
    Pre-Run: 114,642,599,936 bytes free
    Post-Run: 114,583,891,968 bytes free
    .
    - - End Of File - - 3753187302FA28EFE1EBF4643993242F
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    OK, post the ESET log when you're ready...
     
  12. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    Here is the ESET log:

    C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM41.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM44.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM63.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Users\Phil\Downloads\cnet2_SetupImgBurn_2_5_7_0_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Please download OTM by OldTimer.

    Alternative Mirror 1
    Alternative Mirror 2

    Save it to your desktop.

    Double click OTM.exe to start the tool. Vista or Windows 7 users: accept the UAC alert. Be aware that all processes will be stopped during the run and the Desktop will disappear; it will be put back on completion.
    • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      ipconfig /flushdns /c
      c:\users\Phil\AppData\Local\blekkotb_031
      :Commands
      [ClearAllRestorePoints]
      [EmptyTemp]
      [resethosts]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Let me see that log, and tell me how your system is responding and whether any issues/concerns remain.

    Kevin
     
  14. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    Avast warned of a blocked rootkit as soon as I clicked on the link "Please download OTM by Oldtimer". Here is the warning:
    Infection Details
    URL: "http://oldtimer.geekstogo.com/OTM.exe"
    Process: "C:\Program Files\Internet Explorer\iexp...
    Infection: "Win32:Rootkit-gen [Rtk]"
     
  15. SCAREFACE5

    SCAREFACE5 Thread Starter

    Joined:
    Jun 29, 2012
    Messages:
    14
    Kevin, here is the OTM log:

    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Phil\Downloads\cmd.bat deleted successfully.
    C:\Users\Phil\Downloads\cmd.txt deleted successfully.
    c:\users\Phil\AppData\Local\blekkotb_031\data folder moved successfully.
    c:\users\Phil\AppData\Local\blekkotb_031 folder moved successfully.
    ========== COMMANDS ==========

    Restore point Set: OTM Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 75 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Phil
    ->Temp folder emptied: 757401 bytes
    ->Temporary Internet Files folder emptied: 41119237 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7295159 bytes
    ->Flash cache emptied: 57986 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 53248 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3114885 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 50.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.19.0 log created on 06302012_194253
    Files moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    Registry entries deleted on Reboot...
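A way to confirm that the results log in post 15 accounts for every path in the script from post 13, and to surface anything deferred to reboot. This is an added example, not part of the thread and not OTM's own code; the line patterns are assumptions inferred only from the log lines quoted here, and the function names are hypothetical.

```python
import re

# Script (post 13) and an abridged results log (post 15), copied from the thread.
OTM_SCRIPT = r""":Files
ipconfig /flushdns /c
c:\users\Phil\AppData\Local\blekkotb_031
:Commands
[ClearAllRestorePoints]
[EmptyTemp]
[resethosts]
"""

OTM_LOG = r"""========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Phil\Downloads\cmd.bat deleted successfully.
c:\users\Phil\AppData\Local\blekkotb_031\data folder moved successfully.
c:\users\Phil\AppData\Local\blekkotb_031 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Line shapes inferred from the quoted log (assumed, not an OTM specification).
OUTCOME = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? (?:moved|deleted) successfully\.$")
DEFERRED = re.compile(r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")


def script_targets(script):
    """Return the file/folder paths listed under :Files (commands are skipped)."""
    targets, section = [], None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files" and re.match(r"^[A-Za-z]:\\", line):
            targets.append(line)
    return targets


def parse_results(log):
    """Split a results log into confirmed paths and paths deferred to reboot."""
    done, deferred = set(), []
    for line in (l.strip() for l in log.splitlines()):
        m = DEFERRED.match(line)
        if m:
            deferred.append(m.group("path"))
            continue
        m = OUTCOME.match(line)
        if m:
            done.add(m.group("path").lower())  # Windows paths compare case-insensitively
    return done, deferred


def verify(script, log):
    """Map each script target to 'confirmed' or 'not confirmed'; also return deferred paths."""
    done, deferred = parse_results(log)
    status = {t: ("confirmed" if t.lower() in done else "not confirmed")
              for t in script_targets(script)}
    return status, deferred
```

A target reported as "not confirmed", or any path in the deferred list, is what to re-check after the reboot.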
     

Short URL to this thread: https://techguy.org/1059053