Jump to content


Photo
- - - - -

Malware.Packer.Gen & Trojan.Agent are not removed


  • This topic is locked This topic is locked
13 replies to this topic

#1 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 09 April 2012 - 11:40 PM

After running Malwarebytes, removing the malicious software and restarting the problem item reappears. I'm not sure but it seems to add one set of Malware.Packer.Gen and Trojan.Agent each time the computer starts.

There are no apparent operating issues - computer seems (!!!) to be running fine (and probably sending all my data to some hacker in a foreign land....or to the neighbor next door).

Any Suggestions?

Malwarebytes returns these two lines after a full analysis:
Malware.Packer.Gen C:\........Temp\_MEI20163\IPHLPAPI.DLL
Trojan.Agent C:\........Temp\_MEI20163\kernel32.dll

DDS and Attach files are attached.
Thanks

Attached Files



#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 April 2012 - 10:36 AM

Hello rdy4trvl! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I want to see the log file, so proceed with the next step, but is very important those and every step after to be executed in Normal mode, not in Safe Mode.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#3 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 10 April 2012 - 12:04 PM

The infection continues. DDS and Log are pasted below.
Thanks again for your assistance.

DDS:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Doug at 9:59:45 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1645 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files\Schwab\StreetSmart Edge\QuickLaunch.exe
C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Schwab\StreetSmart Edge\SSEdge.exe
C:\Program Files\Texter\texter.exe
C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ScriptHost.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
uRun: [Google Update] "c:\documents and settings\doug\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [QuickLaunch] c:\program files\schwab\streetsmart edge\QuickLaunch.exe
uRun: [BTLive] c:\documents and settings\doug\application data\btlive\BTLive.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\9\config\ereg.ini"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\google~1.lnk - c:\documents and settings\doug\local settings\application data\google\chrome\application\chrome.exe
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\street~1.lnk - c:\program files\schwab\streetsmart edge\SSEdge.exe
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\texter.lnk - c:\program files\texter\texter.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer 7 - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ScriptHost.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16150EFA-70A3-4B53-A838-A00B76325BEC} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\m6wpu69h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=
FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nuance\pdf viewer plus\bin\nppdf.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-2-29 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-2-29 43784]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-22 14776]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-2-29 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-2-29 185864]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-3-28 66912]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-2-29 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-2-29 23176]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2011-10-22 602624]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2011-10-22 28928]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2011-10-22 1217920]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2011-10-22 1220224]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 cerc6;cerc6; [x]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-3-23 51144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-3-20 571936]
S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-3-28 401760]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-3-28 385376]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-10-22 20328]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-22 8456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-10-22 30192]
.
=============== Created Last 30 ================
.
2012-04-09 03:46:54 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-04-09 03:46:54 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-04-02 04:47:53 -------- d-----w- C:\4-1-2012
2012-03-31 00:17:17 -------- d-----w- C:\VMS
2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\doug\local settings\application data\blekkotb
2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-03-31 00:06:24 -------- d-----w- c:\documents and settings\doug\application data\blekkotb
2012-03-31 00:06:23 -------- d-----w- c:\program files\blekkotb
2012-03-30 03:56:29 -------- d-----w- c:\windows\pss
2012-03-30 02:40:25 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 02:35:42 -------- d-----w- c:\program files\BlueStacks
2012-03-30 02:35:42 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
2012-03-30 02:03:28 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacksSetup
2012-03-30 02:03:27 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacks
2012-03-29 17:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-29 17:58:27 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-03-26 21:11:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-26 21:03:05 -------- d-----w- c:\documents and settings\doug\local settings\application data\APN
2012-03-26 21:02:45 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-03-23 14:16:59 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-23 14:16:53 -------- d-----w- c:\program files\Soluto
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-03-29 17:57:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 17:00:24 60304 ----a-w- c:\documents and settings\doug\g2mdlhlpx.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 15:19:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
============= FINISH: 10:00:12.59 ===============

Log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.08.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUG-7C388E4B75 [administrator]

4/10/2012 8:44:47 AM
mbam-log-2012-04-10 (08-44-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202676
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Doug\Local Settings\Temp\_MEI21442\IPHLPAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\_MEI21442\kernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\_MEI28682\IPHLPAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\_MEI28682\kernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#4 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 April 2012 - 01:43 PM

Please strictly follow my instructions. Your database is still out-of-date:

Database version: v2012.04.08.01


My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 10 April 2012 - 07:29 PM

Sorry, second try with updated db version. LOG and DDS follows:

LOG

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUG-7C388E4B75 [administrator]

4/10/2012 12:11:49 PM
mbam-log-2012-04-10 (12-11-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203036
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Doug\Local Settings\Temp\_MEI5922\IPHLPAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Doug\Local Settings\Temp\_MEI5922\kernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Doug at 17:24:40 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1934 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\V0230Mon.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files\Schwab\StreetSmart Edge\QuickLaunch.exe
C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Schwab\StreetSmart Edge\SSEdge.exe
C:\Program Files\Texter\texter.exe
C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ScriptHost.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
uRun: [Google Update] "c:\documents and settings\doug\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"
uRun: [QuickLaunch] c:\program files\schwab\streetsmart edge\QuickLaunch.exe
uRun: [BTLive] c:\documents and settings\doug\application data\btlive\BTLive.exe
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\\isuspm.exe -scheduler
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\9\config\ereg.ini"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\google~1.lnk - c:\documents and settings\doug\local settings\application data\google\chrome\application\chrome.exe
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\street~1.lnk - c:\program files\schwab\streetsmart edge\SSEdge.exe
StartupFolder: c:\docume~1\doug\startm~1\programs\startup\texter.lnk - c:\program files\texter\texter.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer 7 - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ScriptHost.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16150EFA-70A3-4B53-A838-A00B76325BEC} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\m6wpu69h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=
FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nuance\pdf viewer plus\bin\nppdf.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-2-29 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-2-29 43784]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-22 14776]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-3-23 51144]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-2-29 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-2-29 185864]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-3-28 66912]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-2-29 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-2-29 23176]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2011-10-22 602624]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-3-20 571936]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2011-10-22 28928]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2011-10-22 1217920]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2011-10-22 1220224]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]
S0 cerc6;cerc6; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-3-28 401760]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-3-28 385376]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-10-22 20328]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-22 8456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-10-22 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-10 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-10 19:11:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-09 03:46:54 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-04-09 03:46:54 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-04-02 04:47:53 -------- d-----w- C:\4-1-2012
2012-03-31 00:17:17 -------- d-----w- C:\VMS
2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\doug\local settings\application data\blekkotb
2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor
2012-03-31 00:06:24 -------- d-----w- c:\documents and settings\doug\application data\blekkotb
2012-03-31 00:06:23 -------- d-----w- c:\program files\blekkotb
2012-03-30 03:56:29 -------- d-----w- c:\windows\pss
2012-03-30 02:40:25 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 02:35:42 -------- d-----w- c:\program files\BlueStacks
2012-03-30 02:35:42 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
2012-03-30 02:03:28 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacksSetup
2012-03-30 02:03:27 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacks
2012-03-29 17:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-29 17:58:27 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-03-26 21:11:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-26 21:03:05 -------- d-----w- c:\documents and settings\doug\local settings\application data\APN
2012-03-26 21:02:45 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-03-23 14:16:59 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-23 14:16:53 -------- d-----w- c:\program files\Soluto
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 17:57:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 17:00:24 60304 ----a-w- c:\documents and settings\doug\g2mdlhlpx.exe
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 15:19:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:28:53.12 ===============

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 11 April 2012 - 01:41 AM

Step 1

Please uninstall the following applications:

BitTorrent Live - It is against our policy. Take a look here

StartSearch Toolbar 1.3


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 11 April 2012 - 10:27 AM

Details of ComboFix follow. The program did ask that no programs start after it rebooted. I have two programs that start with each reboot - Google Chrome and a program called StreetSmartEdge....plus, probably plenty behind the scenes. I'm unsure if they had any impact. Thanks again for your assistance.


ComboFix 12-04-11.03 - Doug 04/11/2012 8:05.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2369 [GMT -7:00]
Running from: c:\documents and settings\Doug\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\TsuDll.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Doug\g2mdlhlpx.exe
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\SET104.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET129.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET1A8.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETFD.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-09 03:46 . 2012-04-09 03:46 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-09 03:46 . 2012-04-09 03:46 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-04-02 04:47 . 2012-04-02 04:55 -------- d-----w- C:\4-1-2012
2012-03-31 00:17 . 2012-03-31 00:17 -------- d-----w- C:\VMS
2012-03-31 00:16 . 2012-03-31 00:19 -------- d-----w- c:\documents and settings\VMS
2012-03-31 00:06 . 2012-04-11 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-03-31 00:06 . 2012-03-31 00:06 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\blekkotb
2012-03-31 00:06 . 2012-04-02 20:47 -------- d-----w- c:\documents and settings\Doug\Application Data\blekkotb
2012-03-31 00:06 . 2012-03-31 00:06 -------- d-----w- c:\program files\blekkotb
2012-03-30 02:40 . 2012-03-30 02:40 -------- d-----w- c:\windows\system32\LogFiles
2012-03-30 02:35 . 2012-03-30 02:35 -------- d-----w- c:\program files\BlueStacks
2012-03-30 02:35 . 2012-03-30 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
2012-03-30 02:03 . 2012-04-01 21:32 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\BlueStacks
2012-03-29 17:58 . 2012-03-29 17:58 -------- d-----w- c:\program files\Common Files\Java
2012-03-29 17:58 . 2012-03-29 17:57 476904 ----a-w- c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-03-29 17:58 . 2012-03-29 17:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-28 18:44 . 2012-03-28 18:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-03-26 21:11 . 2012-03-26 21:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-26 21:03 . 2012-03-26 21:03 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\APN
2012-03-26 21:02 . 2012-03-30 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-03-23 14:16 . 2012-03-20 18:52 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-23 14:16 . 2012-03-23 14:17 -------- d-----w- c:\program files\Soluto
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-20 19:59 . 2012-03-20 19:59 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-10-23 05:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 17:57 . 2011-10-23 05:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-10-23 04:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 15:19 . 2011-10-23 05:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-09 03:46 . 2011-10-23 05:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-23 05:21 . 2011-10-23 05:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files\blekkotb\blekkoDx.dll" [2012-01-17 86696]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-10-03 2456992]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
"QuickLaunch"="c:\program files\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-01-19 12288]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-01-27 729088]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
.
c:\documents and settings\Doug\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
Google Chrome 9-10-11.lnk - c:\documents and settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2011-12-18 1224176]
StreetSmart Edge.lnk - c:\program files\Schwab\StreetSmart Edge\SSEdge.exe [2011-10-23 75776]
Texter.lnk - c:\program files\Texter\texter.exe [2007-11-6 377303]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 15:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 21:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 07:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-10-23 05:21 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2003-02-27 10:40 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2003-02-27 10:12 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFProHook]
2011-07-01 08:07 607592 ----a-w- c:\program files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 16:20 17151624 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\WinTV\\WinTV7\\WinTV7.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\OpenPhotoBooth\\opb_gui.exe"=
"c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Doug\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2/29/2012 6:41 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2/29/2012 6:41 PM 43784]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/22/2011 10:22 PM 14776]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [3/23/2012 7:16 AM 51144]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2/29/2012 6:41 PM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2/29/2012 6:41 PM 185864]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [3/28/2012 9:21 PM 66912]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [2/29/2012 6:39 PM 61064]
R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [2/29/2012 6:39 PM 23176]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [10/22/2011 10:28 PM 602624]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [3/20/2012 12:08 PM 571936]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [10/22/2011 10:25 PM 28928]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [10/22/2011 10:24 PM 1217920]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [10/22/2011 10:24 PM 1220224]
R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 2:00 AM 6272]
R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 2:01 AM 500480]
S0 cerc6;cerc6; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:16 AM 158856]
S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [3/28/2012 9:21 PM 401760]
S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [3/28/2012 9:21 PM 385376]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [10/22/2011 10:33 PM 20328]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/22/2011 10:27 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/22/2011 10:27 PM 8456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/22/2011 10:21 PM 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOUG-7C388E4B75-Doug.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-12-30 01:42]
.
2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-04-10 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2012-04-11 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2012-04-11 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2012-04-10 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003Core.job
- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003UA.job
- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Open with PDF Viewer 7 - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\m6wpu69h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKCU-Run-BTLive - c:\documents and settings\Doug\Application Data\BTLive\BTLive.exe
AddRemove-{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{52357~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 08:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\DisplayFusion\Hooks\AppHookx86_E9464B29-24CC-4807-9B39-7F16C319BC61.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\CursorFX\CurXP0.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\progra~1\WinTV\TVServer\CAPTUR~4.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2012-04-11 08:19:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 15:19
.
Pre-Run: 105,221,828,608 bytes free
Post-Run: 117,649,440,768 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 84142643B8FB21786CD22C4E6D3E2698

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 11 April 2012 - 01:52 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb
c:\documents and settings\Doug\Application Data\blekkotb
c:\program files\blekkotb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
[-HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"=-

FireFox::
FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\m6wpu69h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 12 April 2012 - 07:33 PM

Ok, here's the next Log - in two pieces...it was too long: Thanks



ComboFix 12-04-11.03 - Doug 04/12/2012 14:05:55.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2369 [GMT -7:00]
Running from: c:\documents and settings\Doug\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\TsuDll.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Doug\Application Data\blekkotb
c:\documents and settings\Doug\Application Data\blekkotb\coupons\blekkotb.json
c:\documents and settings\Doug\Application Data\blekkotb\coupons\merchants.json
c:\documents and settings\Doug\Application Data\blekkotb\dtx.ini
c:\documents and settings\Doug\Application Data\blekkotb\geodata.xml
c:\documents and settings\Doug\Application Data\blekkotb\guid.dat
c:\documents and settings\Doug\Application Data\blekkotb\log.txt
c:\documents and settings\Doug\Application Data\blekkotb\messages\64475d64e98bc63d6f54679ea109f6a0
c:\documents and settings\Doug\Application Data\blekkotb\messages\messageTypes.xml
c:\documents and settings\Doug\Application Data\blekkotb\messages\state.xml
c:\documents and settings\Doug\Application Data\blekkotb\preferences.dat
c:\documents and settings\Doug\Application Data\blekkotb\stats.dat
c:\documents and settings\Doug\Application Data\blekkotb\uninstallIE.dat
c:\documents and settings\Doug\Application Data\blekkotb\version.xml
c:\documents and settings\Doug\Application Data\blekkotb\weather\45b17b5330bdad94b56b6eb39a076fd6
c:\documents and settings\Doug\Application Data\blekkotb\weather\50e1282863ff8eb0f0860eb8a2da0692
c:\documents and settings\Doug\Application Data\blekkotb\weather\forecasts_cache.xml
c:\documents and settings\Doug\Application Data\blekkotb\weather\observations_cache.xml
c:\documents and settings\Doug\Application Data\blekkotb\weatherbutton_prefs.xml
c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\050b22171ac09ad2f000d8688d701103
c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\category_cache.xml
c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\cea2db778b5e373ffb40fcdd5e8909c4
c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\widget_cache.xml
c:\documents and settings\Doug\g2mdlhlpx.exe
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\catalog.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408122029-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408122029-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124030-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124030-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124445-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124445-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408131524-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408131524-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408132043-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408132043-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408141637-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408141637-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408144054-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408144054-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408151752-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408151752-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408152106-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408152106-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408154115-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408154115-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408161844-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408161844-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408164939-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408164939-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408172017-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408172017-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408174029-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408174029-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182107-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182107-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182212-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182212-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408184113-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408184113-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192225-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192225-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192333-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192333-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408202459-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408202459-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408212614-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408212614-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408214102-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408214102-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408215651-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408215651-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408222109-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408222109-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408224115-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408224115-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408225807-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408225807-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408234023-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408234023-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408235924-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408235924-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409003004-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409003004-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409004041-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409004041-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409010046-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409010046-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409020210-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409020210-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409023257-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409023257-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409030337-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409030337-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409033418-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409033418-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409040503-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409040503-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409042056-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409042056-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409044102-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409044102-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050104-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050104-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050622-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050622-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409052113-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409052113-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409054117-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409054117-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409060740-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409060740-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409063056-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409063056-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409064028-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409064028-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409070855-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409070855-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409073934-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409073934-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080120-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080120-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080948-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080948-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409082024-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409082024-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409084028-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409084028-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409091103-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409091103-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409092036-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409092036-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409100046-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409100046-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101118-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101118-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101227-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101227-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409102056-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409102056-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104201-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104201-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104309-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104309-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409110107-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409110107-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409111349-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409111349-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114323-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114323-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114430-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114430-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121402-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121402-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121509-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121509-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409122029-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409122029-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124030-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124030-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124445-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124445-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409131630-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409131630-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409141747-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409141747-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409142103-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409142103-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144103-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144103-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144828-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144828-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409151909-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409151909-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409162032-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409162032-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409164039-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409164039-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172048-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172048-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172153-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172153-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409174012-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409174012-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182019-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182019-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182333-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182333-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409184032-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409184032-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185313-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185313-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185420-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185420-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409192508-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409192508-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409194104-f.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409195552-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409195552-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202012-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202012-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202530-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202530-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202637-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202637-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205614-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205614-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205722-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205722-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409212803-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409212803-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409214046-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409214046-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215740-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215740-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215847-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215847-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409222103-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409222103-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409224007-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409224007-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409230011-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409230011-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409233056-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409233056-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409234029-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409234029-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410000138-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410000138-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410003219-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410003219-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410004050-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410004050-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410010259-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410010259-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410013344-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410013344-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410020426-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410020426-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410030549-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410030549-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410031007-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410031007-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410040707-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410040707-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410043025-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410043025-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410050829-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410050829-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410055051-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410055051-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410060953-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410060953-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410062031-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410062031-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410064038-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410064038-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410071124-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410071124-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410074208-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410074208-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410080041-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410080041-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081115-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081115-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081222-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081222-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084154-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084154-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084302-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084302-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410091342-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410091342-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410094423-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410094423-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410101500-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410101500-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104434-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104434-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104541-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104541-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410111621-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410111621-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410114701-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410114701-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410121742-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410121742-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410124823-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410124823-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410131903-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410131903-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410142022-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410142022-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410152139-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410152139-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410155223-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410155223-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410162304-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410162304-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410165346-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410165346-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410172428-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410172428-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182445-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182445-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182552-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182552-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410185635-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410185635-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410192645-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410192645-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410202806-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410202806-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410205849-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410205849-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410212933-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410212933-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410215947-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410215947-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410223016-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410223016-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410233157-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410233157-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411003321-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411003321-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411010402-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411010402-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411013443-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411013443-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411020527-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411020527-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411023610-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411023610-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411030652-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411030652-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411033735-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411033735-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411040818-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411040818-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411042102-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411042102-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411050938-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411050938-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411054020-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411054020-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411061101-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411061101-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411064146-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411064146-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411071229-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411071229-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411182234-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411182234-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411205320-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411205320-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412114803-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412114803-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412163247-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412163247-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412164636-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412164636-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412171713-l.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412171713-m.list
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\temp.zip
c:\program files\blekkotb
c:\program files\blekkotb\auxi\blekkoAu.dll
c:\program files\blekkotb\auxi\config.xml
c:\program files\blekkotb\blekkoDx.dll
c:\program files\blekkotb\blekkotb.dll
c:\program files\blekkotb\chrome\content\custom.js
c:\program files\blekkotb\chrome\content\lib\about.xml
c:\program files\blekkotb\chrome\content\lib\dtxpanel.xul
c:\program files\blekkotb\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\blekkotb\chrome\content\lib\dtxpanelwin.xul
c:\program files\blekkotb\chrome\content\lib\dtxprefwin.xul
c:\program files\blekkotb\chrome\content\lib\dtxtransparentwin.xul
c:\program files\blekkotb\chrome\content\lib\dtxwin.xul
c:\program files\blekkotb\chrome\content\lib\emailnotifierproviders.xml
c:\program files\blekkotb\chrome\content\lib\external.js
c:\program files\blekkotb\chrome\content\lib\neterror.xhtml
c:\program files\blekkotb\chrome\content\lib\rsspreview.html
c:\program files\blekkotb\chrome\content\lib\rsswin.xml
c:\program files\blekkotb\chrome\content\lib\rsswin.xsl
c:\program files\blekkotb\chrome\content\modules\datastore.jsm
c:\program files\blekkotb\chrome\content\modules\nsDragAndDrop.js
c:\program files\blekkotb\chrome\content\newtab\images\btn_search.gif
c:\program files\blekkotb\chrome\content\newtab\images\bullet.gif
c:\program files\blekkotb\chrome\content\newtab\images\field_bg.gif
c:\program files\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files\blekkotb\chrome\content\newtab\newtab.html
c:\program files\blekkotb\chrome\content\preferences.xml
c:\program files\blekkotb\chrome\content\toolbar.htm
c:\program files\blekkotb\chrome\content\toolbar.xul
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right-resize.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\.project
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\blank_image.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\border-radius.htc
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\checked.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\appversion.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\IE7Styles.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon-hover.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\save.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\appversion.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.pagination.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js.bak
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\power-couponcamp.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\poweredby-couponwinner.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left_old.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl_old.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right_old.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\unchecked.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\tb_icon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget_version.txt
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageContent.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageList.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\bg_header.jpg
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\btn-close-grey.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\mail.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\msg-btn.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageContent.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageList.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts\messageList.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\tb_icon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\.cvsignore
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\index.html
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js
c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js

#10 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 12 April 2012 - 07:33 PM

<p>...and Part 2</p>
<p> </p>
<p> </p>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\login.html</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.xml</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.js</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml</div>
<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt</div>
<div>c:\program files\blekkotb\chrome\data\search\engines.xml</div>
<div>c:\program files\blekkotb\chrome\data\search\search.xsl</div>
<div>c:\program files\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluelite.png</div>
<div>c:\program files\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluesky.png</div>
<div>c:\program files\blekkotb\chrome\skin\blekko16.png</div>
<div>c:\program files\blekkotb\chrome\skin\blogger.png</div>
<div>c:\program files\blekkotb\chrome\skin\bluelite.gif</div>
<div>c:\program files\blekkotb\chrome\skin\bluesky.gif</div>
<div>c:\program files\blekkotb\chrome\skin\btn-search-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\btn-search.png</div>
<div>c:\program files\blekkotb\chrome\skin\btn-settings-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\btn-settings.png</div>
<div>c:\program files\blekkotb\chrome\skin\btn-widgets-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\btn-widgets.png</div>
<div>c:\program files\blekkotb\chrome\skin\coupons-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\coupons.png</div>
<div>c:\program files\blekkotb\chrome\skin\custom.css</div>
<div>c:\program files\blekkotb\chrome\skin\dictionary.png</div>
<div>c:\program files\blekkotb\chrome\skin\downloadcom.png</div>
<div>c:\program files\blekkotb\chrome\skin\dtxlogo.png</div>
<div>c:\program files\blekkotb\chrome\skin\facebook-blekko-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\facebook-blekko.png</div>
<div>c:\program files\blekkotb\chrome\skin\facebook-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\facebook.png</div>
<div>c:\program files\blekkotb\chrome\skin\fb.png</div>
<div>c:\program files\blekkotb\chrome\skin\games.png</div>
<div>c:\program files\blekkotb\chrome\skin\google.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphna.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred0.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred0_5.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred1.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred1_5.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred2.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred2_5.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred3.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred3_5.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred4.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred4_5.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphred5.png</div>
<div>c:\program files\blekkotb\chrome\skin\graphredna.png</div>
<div>c:\program files\blekkotb\chrome\skin\grey.gif</div>
<div>c:\program files\blekkotb\chrome\skin\hulu.png</div>
<div>c:\program files\blekkotb\chrome\skin\ico-digg.png</div>
<div>c:\program files\blekkotb\chrome\skin\ico-shield.png</div>
<div>c:\program files\blekkotb\chrome\skin\icon_blekko.png</div>
<div>c:\program files\blekkotb\chrome\skin\images.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\add.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\aol.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\arrow-dn.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\arrow-right-disabled.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\arrow-right.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\arrow-up.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-end.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-mdl.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-mdl_ff.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-start.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-end.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-mdl.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-mdl_ff.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-start.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\blank.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\btnback-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\btnback-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\btnleft-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\btnleft-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\btnright-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\btnright-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\button-splitter-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\button-splitter-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\checkmark.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\chevron.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\collapse.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\dtx.css</div>
<div>c:\program files\blekkotb\chrome\skin\lib\edit-back-hot.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\edit-back.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\expand.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\found.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\gmail.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\highlight.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\highlight_blue.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\highlight_cyan.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\highlight_lime.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\highlight_magenta.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\highlight_yellow.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\hotmail.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\imap.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\lastsearch-thumb-back.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\loadingMid.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\lock.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\mailcom.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menu_bg-basic.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menu_separator_bar.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitem-splitter.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitemback-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitemback-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitemleft-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitemleft-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitemright-down-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\menuitemright-vista.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\modify.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\move.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\movetarget.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\css\popupAbout.css</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\css\popupWidgets.css</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\css\dialog.css</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\bg.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\default.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-left.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-mdl.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\main.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\scripts\defscript.js</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\arrow-sml-drop.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\arrow-sml.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\arrowr-bluew5.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\bg-aboutbox.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\bg-btnover.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\bg-pnl520x390.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-right.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-close-grey.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-close-greyover.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-drag.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-mdl-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-mdl.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-next-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-next.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-previous-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-previous.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-right-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\gamethumb-on.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\ico-calendar.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\ico-download.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\ico-tags.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\icon-Add.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\icon-Info.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\menul-bgon.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\menul-bgover.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\panel-botm-noscroll.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scroll-bg-206.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scroll-bg.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scroll-topwin.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb-disable.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb-down.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt-disable.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt-down.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\searchbox-pnlbtm.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\star_x_grey.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\star_x_orange.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\throbber.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\TRUSTe_about.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-detailed-on.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-detailed-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-thumb-on.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-thumb-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\widgets-square-16px.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\widgets-square-24px.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\panels\popupWidgets.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\pop.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\radio.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\reload.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\remove.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\rename.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\resize-box.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\rss.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\rsschannelback.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\RSSLogo.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\rsstabdivider.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\scroll-left.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\scroll-right.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\search-go.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\search.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\text-ellipsis.xml</div>
<div>c:\program files\blekkotb\chrome\skin\lib\throbber.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\toolbarsplitter.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\transparent_1px.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_02.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_03.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_04.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_06.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_07.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_08.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_09.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_10.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_11.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_12.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_13.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_14.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_15.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_16.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_18.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_19.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_20.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_21.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\btn-close-grey.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\btn-close-greyover.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\close-hot.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\close-normal.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\loadingMid.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\paneltemplate.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\proxy.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\template.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\template.xml</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\templateFF.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\uwa\throbber.gif</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\cond999.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\icons.xml</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\na-s.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\na.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\weather.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\add.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-check.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.css</div>
<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.html</div>
<div>c:\program files\blekkotb\chrome\skin\lib\yahoo.png</div>
<div>c:\program files\blekkotb\chrome\skin\lichen.gif</div>
<div>c:\program files\blekkotb\chrome\skin\local-deals-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\local-deals.png</div>
<div>c:\program files\blekkotb\chrome\skin\logo-about.png</div>
<div>c:\program files\blekkotb\chrome\skin\logo-over.png</div>
<div>c:\program files\blekkotb\chrome\skin\logo.png</div>
<div>c:\program files\blekkotb\chrome\skin\mail-blekko-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\mail-blekko.png</div>
<div>c:\program files\blekkotb\chrome\skin\mail-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\mail.png</div>
<div>c:\program files\blekkotb\chrome\skin\modify-save.png</div>
<div>c:\program files\blekkotb\chrome\skin\modify.png</div>
<div>c:\program files\blekkotb\chrome\skin\music.png</div>
<div>c:\program files\blekkotb\chrome\skin\myspace.png</div>
<div>c:\program files\blekkotb\chrome\skin\news.png</div>
<div>c:\program files\blekkotb\chrome\skin\options-main.png</div>
<div>c:\program files\blekkotb\chrome\skin\options-search.png</div>
<div>c:\program files\blekkotb\chrome\skin\options\options-main.png</div>
<div>c:\program files\blekkotb\chrome\skin\options\options-search.png</div>
<div>c:\program files\blekkotb\chrome\skin\options\options-weather.png</div>
<div>c:\program files\blekkotb\chrome\skin\options\options-widgets.png</div>
<div>c:\program files\blekkotb\chrome\skin\orange.gif</div>
<div>c:\program files\blekkotb\chrome\skin\p_yahoo.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-collapse.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-delete.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-expand.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-feed.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-folder-remove.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-folder-rename.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-folder.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-found.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-reload.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss-subscribe.png</div>
<div>c:\program files\blekkotb\chrome\skin\rss.png</div>
<div>c:\program files\blekkotb\chrome\skin\rssback.gif</div>
<div>c:\program files\blekkotb\chrome\skin\rsstopback.gif</div>
<div>c:\program files\blekkotb\chrome\skin\search.png</div>
<div>c:\program files\blekkotb\chrome\skin\settings.png</div>
<div>c:\program files\blekkotb\chrome\skin\shopping.png</div>
<div>c:\program files\blekkotb\chrome\skin\skin-bluelite.png</div>
<div>c:\program files\blekkotb\chrome\skin\skin-bluesky.png</div>
<div>c:\program files\blekkotb\chrome\skin\skin-grey.png</div>
<div>c:\program files\blekkotb\chrome\skin\skin-lichen.png</div>
<div>c:\program files\blekkotb\chrome\skin\skin-orange.png</div>
<div>c:\program files\blekkotb\chrome\skin\skin-yellow.png</div>
<div>c:\program files\blekkotb\chrome\skin\social_delicious.png</div>
<div>c:\program files\blekkotb\chrome\skin\social_stumbleupon.png</div>
<div>c:\program files\blekkotb\chrome\skin\technorati.png</div>
<div>c:\program files\blekkotb\chrome\skin\throbber.gif</div>
<div>c:\program files\blekkotb\chrome\skin\toolbarsplitter.png</div>
<div>c:\program files\blekkotb\chrome\skin\twitter-blekko-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\twitter-blekko.png</div>
<div>c:\program files\blekkotb\chrome\skin\twitter-hover.png</div>
<div>c:\program files\blekkotb\chrome\skin\twitter.png</div>
<div>c:\program files\blekkotb\chrome\skin\weather-blekko.png</div>
<div>c:\program files\blekkotb\chrome\skin\web.png</div>
<div>c:\program files\blekkotb\chrome\skin\websearch.png</div>
<div>c:\program files\blekkotb\chrome\skin\wikipedia.png</div>
<div>c:\program files\blekkotb\chrome\skin\yahoosearch.png</div>
<div>c:\program files\blekkotb\chrome\skin\yellow.gif</div>
<div>c:\program files\blekkotb\chrome\skin\youtube.png</div>
<div>c:\program files\blekkotb\components\windowmediator.js</div>
<div>c:\program files\blekkotb\install.ico</div>
<div>c:\program files\blekkotb\manifest.xml</div>
<div>c:\program files\blekkotb\search.ico</div>
<div>c:\program files\blekkotb\uninstall.exe</div>
<div>c:\program files\StartSearch plugin</div>
<div>c:\program files\StartSearch plugin\StartBar.dll</div>
<div>c:\program files\StartSearch plugin\uninst.exe</div>
<div>C:\RECYCLER(2)</div>
<div>c:\recycler(2)\S-1-5-21-725345543-343818398-1801674531-1003(2)\INFO2</div>
<div>c:\windows\EventSystem.log</div>
<div>c:\windows\system32\ccrpTmr6.dll</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((   Files Created from 2012-03-12 to 2012-04-12  )))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>2012-04-12 20:32 . 2012-04-12 20:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Ditto</div>
<div>2012-04-11 23:07 . 2012-04-11 23:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wbem\Repository</div>
<div>2012-04-11 22:38 . 2012-04-11 22:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\LocalService\Local Settings\Application Data\Adobe</div>
<div>2012-04-09 03:46 . 2012-04-09 03:46<span class="Apple-tab-span" style="white-space:pre"> </span>592824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\gkmedias.dll</div>
<div>2012-04-09 03:46 . 2012-04-09 03:46<span class="Apple-tab-span" style="white-space:pre"> </span>44472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\mozglue.dll</div>
<div>2012-04-04 05:53 . 2012-04-04 05:53<span class="Apple-tab-span" style="white-space:pre"> </span>182160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\Plugins\nppdf32.dll</div>
<div>2012-04-04 05:53 . 2012-04-04 05:53<span class="Apple-tab-span" style="white-space:pre"> </span>182160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Internet Explorer\Plugins\nppdf32.dll</div>
<div>2012-04-02 04:47 . 2012-04-02 04:55<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\4-1-2012</div>
<div>2012-03-31 00:17 . 2012-03-31 00:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\VMS</div>
<div>2012-03-31 00:16 . 2012-03-31 00:19<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\VMS</div>
<div>2012-03-31 00:06 . 2012-04-12 21:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor</div>
<div>2012-03-30 02:40 . 2012-03-30 02:40<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LogFiles</div>
<div>2012-03-30 02:35 . 2012-03-30 02:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\BlueStacks</div>
<div>2012-03-30 02:35 . 2012-03-30 02:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\BlueStacks</div>
<div>2012-03-30 02:03 . 2012-04-01 21:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Doug\Local Settings\Application Data\BlueStacks</div>
<div>2012-03-29 17:58 . 2012-03-29 17:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Java</div>
<div>2012-03-29 17:58 . 2012-03-29 17:57<span class="Apple-tab-span" style="white-space:pre"> </span>476904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll</div>
<div>2012-03-29 17:58 . 2012-03-29 17:57<span class="Apple-tab-span" style="white-space:pre"> </span>73728<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\javacpl.cpl</div>
<div>2012-03-28 18:44 . 2012-03-28 18:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\NetworkService\Local Settings\Application Data\Google</div>
<div>2012-03-26 21:11 . 2012-04-11 21:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\GroupPolicy</div>
<div>2012-03-26 21:03 . 2012-03-26 21:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Doug\Local Settings\Application Data\APN</div>
<div>2012-03-26 21:02 . 2012-03-30 03:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\Avira</div>
<div>2012-03-23 14:16 . 2012-03-20 18:52<span class="Apple-tab-span" style="white-space:pre"> </span>51144<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Soluto.sys</div>
<div>2012-03-23 14:16 . 2012-03-23 14:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Soluto</div>
<div>2012-03-22 19:12 . 2012-03-22 19:12<span class="Apple-tab-span" style="white-space:pre"> </span>4435968<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\GPhotos.scr</div>
<div>2012-03-20 19:59 . 2012-03-20 19:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Skype</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>2012-04-04 22:56 . 2011-10-23 05:19<span class="Apple-tab-span" style="white-space:pre"> </span>22344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>
<div>2012-03-29 17:57 . 2011-10-23 05:26<span class="Apple-tab-span" style="white-space:pre"> </span>472808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div>
<div>2012-03-01 11:01 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>916992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wininet.dll</div>
<div>2012-03-01 11:01 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\licmgr10.dll</div>
<div>2012-03-01 11:01 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>1469440<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\inetcpl.cpl</div>
<div>2012-02-29 14:10 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>177664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div>
<div>2012-02-29 14:10 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>148480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\imagehlp.dll</div>
<div>2012-02-29 12:17 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>385024<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\html.iec</div>
<div>2012-02-07 18:02 . 2012-02-07 18:02<span class="Apple-tab-span" style="white-space:pre"> </span>1070352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MSCOMCTL.OCX</div>
<div>2012-02-03 09:22 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>1860096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div>
<div>2012-01-31 12:44 . 2011-10-23 04:53<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>
<div>2012-01-23 15:19 . 2011-10-23 05:19<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div>
<div>2012-04-09 03:46 . 2011-10-23 05:19<span class="Apple-tab-span" style="white-space:pre"> </span>97208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div>
<div>2011-10-23 05:21 . 2011-10-23 05:21<span class="Apple-tab-span" style="white-space:pre"> </span>119808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>*Note* empty entries &amp; legit default entries are not shown </div>
<div>REGEDIT4</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]</div>
<div>2012-02-10 18:28<span class="Apple-tab-span" style="white-space:pre"> </span>1307928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]</div>
<div>&quot;{eec0f710-38b5-4aba-99bf-ec87564a4e13}&quot;= &quot;c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll&quot; [2012-02-10 1307928]</div>
<div>.</div>
<div>[HKEY_CLASSES_ROOT\clsid\{eec0f710-38b5-4aba-99bf-ec87564a4e13}]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]</div>
<div>@=&quot;{95A27763-F62A-4114-9072-E81D87DE3B68}&quot;</div>
<div>[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]</div>
<div>2011-03-04 03:52<span class="Apple-tab-span" style="white-space:pre"> </span>762000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]</div>
<div>@=&quot;{E300CD91-100F-4E67-9AF3-1384A6124015}&quot;</div>
<div>[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]</div>
<div>2011-03-04 03:52<span class="Apple-tab-span" style="white-space:pre"> </span>762000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]</div>
<div>@=&quot;{5E529433-B50E-4bef-A63B-16A6B71B071A}&quot;</div>
<div>[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]</div>
<div>2011-03-04 03:52<span class="Apple-tab-span" style="white-space:pre"> </span>762000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>
<div>.</div>
<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>&quot;DisplayFusion&quot;=&quot;c:\program files\DisplayFusion\DisplayFusion.exe&quot; [2011-10-03 2456992]</div>
<div>&quot;DriverMax&quot;=&quot;&quot; [BU]</div>
<div>&quot;DriverMax_RESTART&quot;=&quot;&quot; [BU]</div>
<div>&quot;CursorFX&quot;=&quot;c:\program files\Stardock\CursorFX\CursorFX.exe&quot; [2010-03-23 417280]</div>
<div>&quot;Eye-Fi&quot;=&quot;c:\program files\Eye-Fi\Helper\EyeFiHelper.exe&quot; [2011-12-22 3961464]</div>
<div>&quot;QuickLaunch&quot;=&quot;c:\program files\Schwab\StreetSmart Edge\QuickLaunch.exe&quot; [2012-01-19 12288]</div>
<div>&quot;BTLive&quot;=&quot;c:\documents and settings\Doug\Application Data\BTLive\BTLive.exe&quot; [BU]</div>
<div>&quot;Gadwin PrintScreen&quot;=&quot;c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe&quot; [2011-05-03 487424]</div>
<div>&quot;Ditto&quot;=&quot;c:\program files\Ditto\Ditto.exe&quot; [2012-01-04 1350144]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>&quot;ATICCC&quot;=&quot;c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe&quot; [2006-09-25 90112]</div>
<div>&quot;ISUSPM&quot;=&quot;c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe&quot; [2010-05-21 324976]</div>
<div>&quot;Adobe ARM&quot;=&quot;c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe&quot; [2012-01-03 843712]</div>
<div>&quot;RTHDCPL&quot;=&quot;RTHDCPL.EXE&quot; [2007-12-20 16860672]</div>
<div>&quot;V0230Mon.exe&quot;=&quot;c:\windows\V0230Mon.exe&quot; [2006-09-07 32768]</div>
<div>&quot;AdobeAAMUpdater-1.0&quot;=&quot;c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe&quot; [2011-03-16 499608]</div>
<div>&quot;AdobeCS5.5ServiceManager&quot;=&quot;c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe&quot; [2011-01-12 1523360]</div>
<div>&quot;PPort9reminder&quot;=&quot;c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe&quot; [2003-01-27 729088]</div>
<div>&quot;Carbonite Backup&quot;=&quot;c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe&quot; [2011-03-04 948880]</div>
<div>&quot;QuickTime Task&quot;=&quot;c:\program files\QuickTime\QTTask.exe&quot; [2011-07-06 421888]</div>
<div>&quot;SunJavaUpdateSched&quot;=&quot;c:\program files\Common Files\Java\Java Update\jusched.exe&quot; [2012-01-18 254696]</div>
<div>&quot;Anti-phishing Domain Advisor&quot;=&quot;c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe&quot; [2012-01-17 232616]</div>
<div>.</div>
<div>c:\documents and settings\Doug\Start Menu\Programs\Startup\</div>
<div>EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]</div>
<div>Google Chrome 9-10-11.lnk - c:\documents and settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2011-12-18 1224176]</div>
<div>StreetSmart Edge.lnk - c:\program files\Schwab\StreetSmart Edge\SSEdge.exe [2011-10-23 75776]</div>
<div>Texter.lnk - c:\program files\Texter\texter.exe [2007-11-6 377303]</div>
<div>.</div>
<div>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]</div>
<div>&quot;{1984DD45-52CF-49cd-AB77-18F378FEA264}&quot;= &quot;c:\program files\Stardock\Fences\FencesMenu.dll&quot; [2010-06-22 202088]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div>
<div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0SmartDefragBootTime.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]</div>
<div>@=&quot;Service&quot;</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]</div>
<div>2011-09-27 15:22<span class="Apple-tab-span" style="white-space:pre"> </span>59240<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]</div>
<div>2011-12-26 21:06<span class="Apple-tab-span" style="white-space:pre"> </span>743560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]</div>
<div>2011-12-23 07:09<span class="Apple-tab-span" style="white-space:pre"> </span>70792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]</div>
<div>2011-10-23 05:21<span class="Apple-tab-span" style="white-space:pre"> </span>30192<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Google\Google Desktop Search\GoogleDesktop.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]</div>
<div>2007-01-01 21:22<span class="Apple-tab-span" style="white-space:pre"> </span>3739648<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Google\Google Talk\googletalk.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]</div>
<div>2011-05-10 09:41<span class="Apple-tab-span" style="white-space:pre"> </span>49208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\HP\HP Software Update\hpwuschd2.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]</div>
<div>2003-02-27 10:40<span class="Apple-tab-span" style="white-space:pre"> </span>40960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\ScanSoft\PaperPort\IndexSearch.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]</div>
<div>2011-11-13 08:24<span class="Apple-tab-span" style="white-space:pre"> </span>421736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes\iTunesHelper.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]</div>
<div>2003-02-27 10:12<span class="Apple-tab-span" style="white-space:pre"> </span>57393<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\ScanSoft\PaperPort\pptd40nt.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFProHook]</div>
<div>2011-07-01 08:07<span class="Apple-tab-span" style="white-space:pre"> </span>607592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]</div>
<div>2012-02-29 16:20<span class="Apple-tab-span" style="white-space:pre"> </span>17151624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Skype\Phone\Skype.exe</div>
<div>.</div>
<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</div>
<div>&quot;%windir%\\Network Diagnostic\\xpnetdiag.exe&quot;=</div>
<div>&quot;%windir%\\system32\\sessmgr.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Google\\Google Talk\\googletalk.exe&quot;=</div>
<div>&quot;c:\\Program Files\\WinTV\\WinTV7\\WinTV7.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE&quot;=</div>
<div>&quot;c:\\Program Files\\OpenPhotoBooth\\opb_gui.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Bonjour\\mDNSResponder.exe&quot;=</div>
<div>&quot;c:\\Program Files\\iTunes\\iTunes.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Orbitdownloader\\orbitdm.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Orbitdownloader\\orbitnet.exe&quot;=</div>
<div>&quot;c:\\Documents and Settings\\Doug\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe&quot;=</div>
<div>&quot;c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Skype\\Phone\\Skype.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Soluto\\Soluto.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Soluto\\SolutoService.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Soluto\\SolutoConsole.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Soluto\\SolutoUpdateService.exe&quot;=</div>
<div>&quot;c:\\Program Files\\Ditto\\Ditto.exe&quot;=</div>
<div>.</div>
<div>R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2/29/2012 6:41 PM 50312]</div>
<div>R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2/29/2012 6:41 PM 43784]</div>
<div>R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/22/2011 10:22 PM 14776]</div>
<div>R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [3/23/2012 7:16 AM 51144]</div>
<div>R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2/29/2012 6:41 PM 16008]</div>
<div>R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2/29/2012 6:41 PM 185864]</div>
<div>R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]</div>
<div>R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [3/28/2012 9:21 PM 66912]</div>
<div>R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [2/29/2012 6:39 PM 61064]</div>
<div>R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [2/29/2012 6:39 PM 23176]</div>
<div>R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [10/22/2011 10:28 PM 602624]</div>
<div>R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [3/20/2012 12:08 PM 571936]</div>
<div>R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 2:00 AM 6272]</div>
<div>R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 2:01 AM 500480]</div>
<div>S0 cerc6;cerc6; [x]</div>
<div>S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:16 AM 158856]</div>
<div>S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]</div>
<div>S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [3/28/2012 9:21 PM 401760]</div>
<div>S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [3/28/2012 9:21 PM 385376]</div>
<div>S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]</div>
<div>S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [10/22/2011 10:33 PM 20328]</div>
<div>S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --&gt; c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]</div>
<div>S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/22/2011 10:27 PM 13192]</div>
<div>S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/22/2011 10:27 PM 8456]</div>
<div>S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/22/2011 10:21 PM 30192]</div>
<div>S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [10/22/2011 10:25 PM 28928]</div>
<div>S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [10/22/2011 10:24 PM 1217920]</div>
<div>S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [10/22/2011 10:24 PM 1220224]</div>
<div>S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]</div>
<div>.</div>
<div>--- Other Services/Drivers In Memory ---</div>
<div>.</div>
<div>*NewlyCreated* - BBSVC</div>
<div>.</div>
<div>Contents of the &#39;Scheduled Tasks&#39; folder</div>
<div>.</div>
<div>2012-04-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOUG-7C388E4B75-Doug.job</div>
<div>- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-12-30 01:42]</div>
<div>.</div>
<div>2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job</div>
<div>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]</div>
<div>.</div>
<div>2012-04-12 c:\windows\Tasks\At1.job</div>
<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>
<div>.</div>
<div>2012-04-12 c:\windows\Tasks\At2.job</div>
<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>
<div>.</div>
<div>2012-04-12 c:\windows\Tasks\At3.job</div>
<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>
<div>.</div>
<div>2012-04-12 c:\windows\Tasks\At4.job</div>
<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>
<div>.</div>
<div>2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003Core.job</div>
<div>- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]</div>
<div>.</div>
<div>2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003UA.job</div>
<div>- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]</div>
<div>.</div>
<div>.</div>
<div>------- Supplementary Scan -------</div>
<div>.</div>
<div>uStart Page = hxxp://blekko.com?source=c3348dd4&amp;tbp=homepage&amp;toolbarid=blekkotb&amp;u=2012033132B64C498B125D11813D8C71</div>
<div>uDefault_Search_URL = hxxp://www.google.com/ie</div>
<div>mStart Page = hxxp://www.google.com</div>
<div>uInternet Settings,ProxyOverride = *.local</div>
<div>uSearchAssistant = hxxp://www.google.com/ie</div>
<div>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s</div>
<div>IE: &amp;Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201</div>
<div>IE: &amp;Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204</div>
<div>IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204</div>
<div>IE: Add to Google Photos Screensa&amp;ver - c:\windows\system32\GPhotos.scr/200</div>
<div>IE: Do&amp;wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203</div>
<div>IE: Down&amp;load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202</div>
<div>IE: E&amp;xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000</div>
<div>IE: Open with PDF Viewer 7 - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm</div>
<div>TCP: DhcpNameServer = 75.75.75.75 75.75.76.76</div>
<div>FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\m6wpu69h.default\</div>
<div>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/</div>
<div>.</div>
<div>- - - - ORPHANS REMOVED - - - -</div>
<div>.</div>
<div>AddRemove-blekkotb - c:\program files\blekkotb\uninstall.exe</div>
<div>AddRemove-StartSearch Toolbar - c:\program files\StartSearch plugin\uninst.exe</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>**************************************************************************</div>
<div>.</div>
<div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div>
<div>Rootkit scan 2012-04-12 14:14</div>
<div>Windows 5.1.2600 Service Pack 3 NTFS</div>
<div>.</div>
<div>scanning hidden processes ...  </div>
<div>.</div>
<div>scanning hidden autostart entries ... </div>
<div>.</div>
<div>scanning hidden files ...  </div>
<div>.</div>
<div>scan completed successfully</div>
<div>hidden files: 0</div>
<div>.</div>
<div>**************************************************************************</div>
<div>.</div>
<div>--------------------- DLLs Loaded Under Running Processes ---------------------</div>
<div>.</div>
<div>- - - - - - - &gt; &#39;winlogon.exe&#39;(764)</div>
<div>c:\windows\system32\Ati2evxx.dll</div>
<div>.</div>
<div>- - - - - - - &gt; &#39;explorer.exe&#39;(5844)</div>
<div>c:\windows\system32\WININET.dll</div>
<div>c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll</div>
<div>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>
<div>c:\program files\DisplayFusion\Hooks\AppHookx86_E9464B29-24CC-4807-9B39-7F16C319BC61.dll</div>
<div>c:\windows\system32\ieframe.dll</div>
<div>c:\windows\system32\msi.dll</div>
<div>c:\program files\Stardock\Fences\FencesMenu.dll</div>
<div>c:\windows\system32\webcheck.dll</div>
<div>c:\program files\stardock\fences\DesktopDock.dll</div>
<div>c:\program files\Stardock\CursorFX\CurXP0.dll</div>
<div>.</div>
<div>------------------------ Other Running Processes ------------------------</div>
<div>.</div>
<div>c:\windows\system32\Ati2evxx.exe</div>
<div>c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe</div>
<div>c:\windows\system32\Ati2evxx.exe</div>
<div>c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div>
<div>c:\program files\Bonjour\mDNSResponder.exe</div>
<div>c:\program files\FolderSize\FolderSizeSvc.exe</div>
<div>c:\program files\Canon\CAL\CALMAIN.exe</div>
<div>c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe</div>
<div>c:\windows\system32\wscntfy.exe</div>
<div>c:\program files\ATI Technologies\ATI.ACE\CLI.EXE</div>
<div>c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe</div>
<div>c:\windows\RTHDCPL.EXE</div>
<div>c:\windows\system32\msiexec.exe</div>
<div>c:\program files\ATI Technologies\ATI.ACE\cli.exe</div>
<div>c:\program files\WinTV\WinTV7\WinTV7.exe</div>
<div>.</div>
<div>**************************************************************************</div>
<div>.</div>
<div>Completion time: 2012-04-12  14:23:49 - machine was rebooted</div>
<div>ComboFix-quarantined-files.txt  2012-04-12 21:23</div>
<div>ComboFix2.txt  2012-04-11 15:19</div>
<div>.</div>
<div>Pre-Run: 110,998,507,520 bytes free</div>
<div>Post-Run: 112,248,832,000 bytes free</div>
<div>.</div>
<div>WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe</div>
<div>[boot loader]</div>
<div>timeout=2</div>
<div>default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS</div>
<div>[operating systems]</div>
<div>c:\cmdcons\BOOTSECT.DAT=&quot;Microsoft Windows Recovery Console&quot; /cmdcons</div>
<div>UnsupportedDebug=&quot;do not select this&quot; /debug</div>
<div>multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=&quot;Microsoft Windows XP Professional&quot; /noexecute=optin /fastdetect</div>
<div>.</div>
<div>- - End Of File - - 80BA558109A6684FF90BA0BDF1201363</div>
<div> </div>


#11 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 13 April 2012 - 08:43 AM

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#12 rdy4trvl

rdy4trvl

    New Member

  • Members
  • Pip
  • 8 posts

Posted 13 April 2012 - 11:29 AM

<p>Looks like you solved the problem.  Huge Thanks!</p>
<p> </p>
<p> </p>
<div>Malwarebytes Anti-Malware 1.61.0.1400</div>
<div>www.malwarebytes.org</div>
<div> </div>
<div>Database version: v2012.04.13.04</div>
<div> </div>
<div>Windows XP Service Pack 3 x86 NTFS</div>
<div>Internet Explorer 8.0.6001.18702</div>
<div>Doug :: DOUG-7C388E4B75 [administrator]</div>
<div> </div>
<div>4/13/2012 7:33:25 AM</div>
<div>mbam-log-2012-04-13 (07-33-25).txt</div>
<div> </div>
<div>Scan type: Quick scan</div>
<div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div>
<div>Scan options disabled: P2P</div>
<div>Objects scanned: 196748</div>
<div>Time elapsed: 6 minute(s), 31 second(s)</div>
<div> </div>
<div>Memory Processes Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Memory Modules Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Keys Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Values Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Registry Data Items Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Folders Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>Files Detected: 0</div>
<div>(No malicious items detected)</div>
<div> </div>
<div>(end)</div>


#13 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 13 April 2012 - 11:35 AM

Glad I could help! :)

Please uninstall ComboFix:
www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS.

Some malware prevention tips:
http://forums.malwar...=0

Antivirus software is very important. Very strongly recommend you immediately install an antivirus program. This is the most important prevention.


Safe surfing! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#14 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 14 April 2012 - 09:54 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users