raddy

  1. ComboFix is uninstalled. Thank you so much for your time and help. I appreciate it so much.
  2. Pages are loading quickly and I'm not getting redirected at all. Seems to be back to normal.
  3. ComboFix 12-03-18.04 - dougg 03/21/2012 17:37:49.3.4 - x64
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2505 [GMT -4:00]
     Running from: c:\users\dougg\Desktop\ComboFix.exe
     Command switches used :: c:\users\dougg\Desktop\CFScript.txt
     AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
     SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_blue.png c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_cyan.png c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_lime.png c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_magenta.png c:\program files (x86)\blekkotb\chrome\skin\lib\highlight_yellow.png c:\program files (x86)\blekkotb\chrome\skin\lib\hotmail.png c:\program files (x86)\blekkotb\chrome\skin\lib\imap.png c:\program files (x86)\blekkotb\chrome\skin\lib\lastsearch-thumb-back.gif c:\program files (x86)\blekkotb\chrome\skin\lib\loadingMid.gif c:\program files (x86)\blekkotb\chrome\skin\lib\lock.png c:\program files (x86)\blekkotb\chrome\skin\lib\mailcom.png c:\program files (x86)\blekkotb\chrome\skin\lib\menu_bg-basic.png c:\program files (x86)\blekkotb\chrome\skin\lib\menu_separator_bar.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitem-splitter.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemback-down-vista.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemback-vista.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemleft-down-vista.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemleft-vista.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemright-down-vista.png c:\program files (x86)\blekkotb\chrome\skin\lib\menuitemright-vista.png c:\program files (x86)\blekkotb\chrome\skin\lib\modify.png c:\program files (x86)\blekkotb\chrome\skin\lib\move.gif c:\program files (x86)\blekkotb\chrome\skin\lib\movetarget.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\css\popupAbout.css c:\program files (x86)\blekkotb\chrome\skin\lib\panels\css\popupWidgets.css c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\css\dialog.css c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\bg.gif c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\program files 
(x86)\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\default.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-left.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\main.html c:\program files (x86)\blekkotb\chrome\skin\lib\panels\default\scripts\defscript.js c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrow-sml.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-btnover.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-right.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-drag.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-mdl-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-mdl.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-next-over.png c:\program files 
(x86)\blekkotb\chrome\skin\lib\panels\images\btn-next.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-previous.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-right-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\ico-calendar.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\ico-download.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\ico-tags.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\icon-Add.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\icon-Info.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\menul-bgon.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\menul-bgover.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scroll-bg.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb-down.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollb.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt-down.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\scrollt-over.png c:\program files 
(x86)\blekkotb\chrome\skin\lib\panels\images\scrollt.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\star_x_grey.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\star_x_orange.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\throbber.gif c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files (x86)\blekkotb\chrome\skin\lib\panels\popupWidgets.html c:\program files (x86)\blekkotb\chrome\skin\lib\pop.png c:\program files (x86)\blekkotb\chrome\skin\lib\radio.png c:\program files (x86)\blekkotb\chrome\skin\lib\reload.png c:\program files (x86)\blekkotb\chrome\skin\lib\remove.png c:\program files (x86)\blekkotb\chrome\skin\lib\rename.gif c:\program files (x86)\blekkotb\chrome\skin\lib\resize-box.gif c:\program files (x86)\blekkotb\chrome\skin\lib\rss.png c:\program files (x86)\blekkotb\chrome\skin\lib\rsschannelback.png c:\program files (x86)\blekkotb\chrome\skin\lib\RSSLogo.png c:\program files (x86)\blekkotb\chrome\skin\lib\rsstabdivider.gif c:\program files (x86)\blekkotb\chrome\skin\lib\scroll-left.png c:\program files (x86)\blekkotb\chrome\skin\lib\scroll-right.png c:\program files (x86)\blekkotb\chrome\skin\lib\search-go.png c:\program files (x86)\blekkotb\chrome\skin\lib\search.png c:\program files (x86)\blekkotb\chrome\skin\lib\text-ellipsis.xml c:\program files 
(x86)\blekkotb\chrome\skin\lib\throbber.gif c:\program files (x86)\blekkotb\chrome\skin\lib\toolbarsplitter.gif c:\program files (x86)\blekkotb\chrome\skin\lib\transparent_1px.gif c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_02.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_03.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_04.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_06.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_07.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_08.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_09.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_10.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_11.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_12.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_13.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_14.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_15.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_16.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_18.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_19.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_20.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\border_21.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\btn-close-grey.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\close-hot.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\close-normal.png c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\loadingMid.gif c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\paneltemplate.html c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\proxy.html c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\template.html c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\template.xml c:\program files 
(x86)\blekkotb\chrome\skin\lib\uwa\templateFF.html c:\program files (x86)\blekkotb\chrome\skin\lib\uwa\throbber.gif c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\na.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\icons\weather.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files 
(x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files (x86)\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files (x86)\blekkotb\chrome\skin\lib\yahoo.png c:\program files (x86)\blekkotb\chrome\skin\lichen.gif c:\program files (x86)\blekkotb\chrome\skin\local-deals-hover.png c:\program files (x86)\blekkotb\chrome\skin\local-deals.png c:\program files (x86)\blekkotb\chrome\skin\logo-about.png c:\program files (x86)\blekkotb\chrome\skin\logo-over.png c:\program files (x86)\blekkotb\chrome\skin\logo.png c:\program files (x86)\blekkotb\chrome\skin\mail-blekko-hover.png c:\program files (x86)\blekkotb\chrome\skin\mail-blekko.png c:\program files (x86)\blekkotb\chrome\skin\mail-hover.png c:\program files (x86)\blekkotb\chrome\skin\mail.png c:\program files 
(x86)\blekkotb\chrome\skin\modify-save.png c:\program files (x86)\blekkotb\chrome\skin\modify.png c:\program files (x86)\blekkotb\chrome\skin\music.png c:\program files (x86)\blekkotb\chrome\skin\myspace.png c:\program files (x86)\blekkotb\chrome\skin\news.png c:\program files (x86)\blekkotb\chrome\skin\options-main.png c:\program files (x86)\blekkotb\chrome\skin\options-search.png c:\program files (x86)\blekkotb\chrome\skin\options\options-main.png c:\program files (x86)\blekkotb\chrome\skin\options\options-search.png c:\program files (x86)\blekkotb\chrome\skin\options\options-weather.png c:\program files (x86)\blekkotb\chrome\skin\options\options-widgets.png c:\program files (x86)\blekkotb\chrome\skin\orange.gif c:\program files (x86)\blekkotb\chrome\skin\p_yahoo.png c:\program files (x86)\blekkotb\chrome\skin\rss-collapse.png c:\program files (x86)\blekkotb\chrome\skin\rss-delete.png c:\program files (x86)\blekkotb\chrome\skin\rss-expand.png c:\program files (x86)\blekkotb\chrome\skin\rss-feed.png c:\program files (x86)\blekkotb\chrome\skin\rss-folder-remove.png c:\program files (x86)\blekkotb\chrome\skin\rss-folder-rename.png c:\program files (x86)\blekkotb\chrome\skin\rss-folder.png c:\program files (x86)\blekkotb\chrome\skin\rss-found.png c:\program files (x86)\blekkotb\chrome\skin\rss-reload.png c:\program files (x86)\blekkotb\chrome\skin\rss-subscribe.png c:\program files (x86)\blekkotb\chrome\skin\rss.png c:\program files (x86)\blekkotb\chrome\skin\rssback.gif c:\program files (x86)\blekkotb\chrome\skin\rsstopback.gif c:\program files (x86)\blekkotb\chrome\skin\search.png c:\program files (x86)\blekkotb\chrome\skin\settings.png c:\program files (x86)\blekkotb\chrome\skin\shopping.png c:\program files (x86)\blekkotb\chrome\skin\skin-bluelite.png c:\program files (x86)\blekkotb\chrome\skin\skin-bluesky.png c:\program files (x86)\blekkotb\chrome\skin\skin-grey.png c:\program files (x86)\blekkotb\chrome\skin\skin-lichen.png c:\program files 
(x86)\blekkotb\chrome\skin\skin-orange.png
c:\program files (x86)\blekkotb\chrome\skin\skin-yellow.png
c:\program files (x86)\blekkotb\chrome\skin\social_delicious.png
c:\program files (x86)\blekkotb\chrome\skin\social_stumbleupon.png
c:\program files (x86)\blekkotb\chrome\skin\technorati.png
c:\program files (x86)\blekkotb\chrome\skin\throbber.gif
c:\program files (x86)\blekkotb\chrome\skin\toolbarsplitter.png
c:\program files (x86)\blekkotb\chrome\skin\twitter-blekko-hover.png
c:\program files (x86)\blekkotb\chrome\skin\twitter-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\twitter-hover.png
c:\program files (x86)\blekkotb\chrome\skin\twitter.png
c:\program files (x86)\blekkotb\chrome\skin\weather-blekko.png
c:\program files (x86)\blekkotb\chrome\skin\web.png
c:\program files (x86)\blekkotb\chrome\skin\websearch.png
c:\program files (x86)\blekkotb\chrome\skin\wikipedia.png
c:\program files (x86)\blekkotb\chrome\skin\yahoosearch.png
c:\program files (x86)\blekkotb\chrome\skin\yellow.gif
c:\program files (x86)\blekkotb\chrome\skin\youtube.png
c:\program files (x86)\blekkotb\components\windowmediator.js
c:\program files (x86)\blekkotb\install.ico
c:\program files (x86)\blekkotb\manifest.xml
c:\program files (x86)\blekkotb\search.ico
c:\program files (x86)\blekkotb\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 21:50 . 2012-03-21 21:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-21 21:50 . 2012-03-21 21:50 -------- d-----w- c:\users\Mcx1-DOUG-PC\AppData\Local\temp
2012-03-21 21:50 . 2012-03-21 21:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-21 21:50 . 2012-03-21 21:50 -------- d-----w- c:\users\Doug\AppData\Local\temp
2012-03-21 21:50 . 2012-03-21 21:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 21:25 . 2012-03-01 18:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{82A05B51-0363-4E2F-B248-6ECC3549C05C}\mpengine.dll
2012-03-15 01:07 . 2012-03-15 01:07 -------- d-----w- c:\program files (x86)\ESET
2012-03-15 00:21 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 00:21 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 00:21 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 22:11 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 22:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 22:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 22:11 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 22:11 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 22:11 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 22:11 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 22:11 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 22:11 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 22:11 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 22:11 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 03:32 . 2012-03-06 03:32 -------- d-----w- c:\users\dougg\.idlerc
2012-03-05 05:46 . 2012-03-05 05:46 -------- d-----w- C:\Python27
2012-03-05 01:06 . 2012-03-05 01:06 -------- d-----w- c:\users\dougg\AppData\Roaming\SpeedyPC Software
2012-03-05 01:06 . 2012-03-05 01:06 -------- d-----w- c:\users\dougg\AppData\Roaming\DriverCure
2012-03-05 01:06 . 2012-03-05 01:06 -------- d-----w- c:\programdata\SpeedyPC Software
2012-03-05 01:06 . 2012-03-05 01:06 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-03-05 01:06 . 2012-03-05 01:06 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-03-04 19:16 . 2012-03-04 19:16 -------- d-----w- c:\users\dougg\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 19:14 . 2012-03-05 00:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-04 19:14 . 2012-03-04 19:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-03 08:31 . 2012-03-03 08:36 -------- d-----w- c:\users\dougg\AppData\Roaming\GRETECH
2012-03-03 08:30 . 2012-03-03 08:30 -------- d-----w- c:\users\dougg\AppData\Local\blekkotb
2012-03-03 08:30 . 2012-03-21 21:29 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-03 08:30 . 2012-03-03 08:36 -------- d-----w- c:\program files (x86)\GRETECH
2012-02-26 03:28 . 2012-02-27 21:27 -------- d-----w- c:\users\dougg\AppData\Roaming\vlc
2012-02-26 03:28 . 2012-02-26 03:28 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-21 04:26 . 2012-02-21 04:26 -------- d-----w- c:\program files (x86)\uTorrent
2012-02-21 04:26 . 2012-03-21 21:51 -------- d-----w- c:\users\dougg\AppData\Roaming\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-21 21:52 . 2010-06-24 00:20 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 13:18 . 2010-06-23 23:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 21:18 . 2010-07-29 07:29 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 20:41 . 2011-06-01 20:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-10 23:05 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-10 23:05 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-10 02:18 . 2012-01-10 02:18 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-01-04 10:44 . 2012-02-15 03:27 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 03:27 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 03:27 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 03:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 03:27 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_01.18.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-20 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-21 21:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-20 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 21:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-20 12:41 . 2012-03-21 21:31 52234 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-21 21:31 37982 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-22 22:32 . 2012-03-21 21:31 15692 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-877017928-3376076803-442139301-1003_UserData.bin
- 2010-06-23 23:39 . 2012-03-20 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 23:39 . 2012-03-21 21:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 23:39 . 2012-03-20 01:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-23 23:39 . 2012-03-21 21:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 21:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-23 23:47 . 2012-03-20 01:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 23:47 . 2012-03-21 21:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 23:47 . 2012-03-21 21:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-23 23:47 . 2012-03-20 01:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-23 23:47 . 2012-03-20 01:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 23:47 . 2012-03-21 21:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-23 23:47 . 2012-03-20 01:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-23 23:47 . 2012-03-21 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-23 23:47 . 2012-03-20 01:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-23 23:47 . 2012-03-21 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-21 21:35 . 2012-03-21 21:35 9560 c:\windows\system32\NetworkList\Icons\{9DCD3DB9-C6E2-485F-AC02-CC6F96E07F6A}_48.bin
+ 2012-03-21 21:35 . 2012-03-21 21:35 4280 c:\windows\system32\NetworkList\Icons\{9DCD3DB9-C6E2-485F-AC02-CC6F96E07F6A}_32.bin
+ 2012-03-21 21:35 . 2012-03-21 21:35 2456 c:\windows\system32\NetworkList\Icons\{9DCD3DB9-C6E2-485F-AC02-CC6F96E07F6A}_24.bin
+ 2012-03-21 21:52 . 2012-03-21 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 01:14 . 2012-03-20 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 01:14 . 2012-03-20 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-21 21:52 . 2012-03-21 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-03-20 01:14 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-21 21:52 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-24 00:32 . 2012-03-21 01:08 286062 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-18 20:19 624606 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-21 21:56 624606 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 20:19 106724 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-21 21:56 106724 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-21 21:51 560512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-20 01:13 560512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-23 05:55 . 2012-03-21 21:51 21304132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-877017928-3376076803-442139301-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-01-15 2151776]
"Akamai NetSession Interface"="c:\users\dougg\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-06 741240]
"SUPERAntiSpyware"="c:\program files\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
.
c:\users\dougg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERANTISPYWARE\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-01-15 415072]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-11-22 1148632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-08 240232]
S3 nusb3hub;NEC Electronics USB 3.0 Hub
Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 PAC207;Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-03-05 c:\windows\Tasks\SpeedyPC Pro.job - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19] . 2012-03-05 c:\windows\Tasks\SpeedyPC Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-03-05 c:\windows\Tasks\SpeedyPC Update Version3.job - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584] "PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584] "SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480] "SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 FF - ProfilePath - c:\users\dougg\AppData\Roaming\Mozilla\Firefox\Profiles\xm5exn3q.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . AddRemove-blekkotb - c:\program files (x86)\blekkotb\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . Completion time: 2012-03-21 18:24:06 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-21 22:23 ComboFix2.txt 2012-03-20 01:34 ComboFix3.txt 2012-03-14 23:00 . Pre-Run: 730,066,997,248 bytes free Post-Run: 729,633,361,920 bytes free . - - End Of File - - A4867463E21539E0BE25C10029C84FCD
  4. I can't seem to disable this properly. I tried following the guide you linked me before but I couldn't figure it out. http://imgur.com/nxq3o
  5. It seems like this problem comes and goes. It starts with a 404 bad gateway and then I start to get redirected occasionally. It's not just Google searches that redirect me either. Thank You. Combo Fix Log:
  6. I posted the same issue about a week ago and everything seemed to be resolved, but now I'm getting 404 bad gateway and redirected to mydomainadvisor.com again. Here is the link to the original thread: http://forums.malwar...l=&fromsearch=1
  7. So it has been a day or two and I've had no problems! Thank you SO much. Was changing that option to "No Proxy" a complete fix or just like a way around it? Thank You SO much again and I'm considering purchasing the full version of MBAM!
  8. I followed the last step, is there anything else that I need to do?
  9. Very long scan. Here it is:
  10. Everything seemed to be working fine and then I began to get a 404 error and then I got redirected to http://partner37.mydomainadvisor.com/search.php?pr=vmn&id=blekkotb&v=1_0_1_32&ent=antiphishing_dn&q=www.techsupportforum.com. Looks like the virus is not gone. Thanks, Raddy
  11. I ran the scan and my computer seems to be running fine now. I've made some searches on Google and went to some sites. I haven't been redirected and it seems to be back to normal speeds. Thank you very much, Raddy Here is the log:
  12. Thank you for responding. Here is the scan log:
  13. Thank you for responding. I've updated and I ran a new MBAM full scan. I haven't been using my computer lately because of the virus, but when I was using it, when I tried to search on Google occasionally I would be redirected to mydomanadvisor.com. Also my computer has been slower opening websites. Scan Results: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.14.01 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7601.17514 dougg :: DOUG-PC [administrator] 3/13/2012 9:57:39 PM mbam-log-2012-03-13 (21-57-39).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 504015 Time elapsed: 49 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  14. Hi, I've been having the problem of sometimes getting redirected when I search on Google. My internet seems to be slower than normal as well. I've tried running Malwarebytes along with a bunch of other adware/spyware removers. I've tried to manually remove the virus but I wasn't able to figure it out on my own. Thanks in advance for your help and here are the logs. Raddy
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll BHO-X64: Updater For Spam Free Search Bar - No File BHO-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll BHO-X64: Spam Free Search Bar - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\dougg\AppData\Roaming\Mozilla\Firefox\Profiles\xm5exn3q.default\ FF - prefs.js: browser.startup.homepage - about:home FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . 
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-6-23 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-6-23 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-6-23 219360]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-1-14 415072]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-6-23 68136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-2-25 103440]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-10 2214504]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\system32\DRIVERS\stflt.sys --> C:\Windows\system32\DRIVERS\stflt.sys [?]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-1-9 1148632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PAC207;Webcam;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-07 23:09:39 709968 ----a-w- C:\Windows\isRS-000.tmp
2012-03-06 03:32:34 -------- d-----w- C:\Users\dougg\.idlerc
2012-03-05 05:46:10 -------- d-----w- C:\Python27
2012-03-05 01:06:10 -------- d-----w- C:\Users\dougg\AppData\Roaming\SpeedyPC Software
2012-03-05 01:06:10 -------- d-----w- C:\Users\dougg\AppData\Roaming\DriverCure
2012-03-05 01:06:06 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-03-05 01:06:06 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-03-05 01:06:06 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-03-04 19:16:06 -------- d-----w- C:\Users\dougg\AppData\Roaming\SUPERAntiSpyware.com
2012-03-04 19:14:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-04 19:14:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-03 08:30:40 -------- d-----w- C:\Users\dougg\AppData\Local\blekkotb
2012-03-03 08:30:38 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-03-03 08:30:24 -------- d-----w- C:\Program Files (x86)\GRETECH
2012-03-03 08:30:03 -------- d-----w- C:\Program Files (x86)\blekkotb
2012-02-26 03:28:11 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-02-21 04:26:54 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-02-21 04:26:03 -------- d-----w- C:\Users\dougg\AppData\Roaming\uTorrent
2012-02-18 17:17:40 -------- d-----w- C:\Program Files\iTunes
2012-02-18 17:17:40 -------- d-----w- C:\Program Files\iPod
2012-02-18 17:17:40 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-15 03:27:18 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 03:27:18 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 03:27:16 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 03:27:16 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 03:27:15 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 03:27:13 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 03:27:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 03:27:06 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-11 07:24:03 -------- d-----w- C:\Users\dougg\AppData\Roaming\Adobe Mini Bridge CS5.1
.
==================== Find3M ====================
.
2012-03-07 23:47:10 25640 ----a-w- C:\Windows\gdrv.sys
2012-02-17 21:18:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 20:41:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-10 23:05:45 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-10 23:05:45 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-10 02:18:07 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:59:06.82 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/23/2010 7:45:11 PM
System Uptime: 3/7/2012 6:46:34 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-770T-USB3
Processor: AMD Athlon™ II X4 635 Processor | Socket M2 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 656.831 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP263: 2/17/2012 4:17:25 PM - Installed Java™ 6 Update 31
RP264: 2/28/2012 5:08:45 PM - Scheduled Checkpoint
RP265: 3/5/2012 12:44:57 AM - Installed Python 2.7.2
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) µTorrent Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5.1 Adobe Reader X (10.1.2) Adobe Shockwave Player 11.6 Age of Empires III AIM 7 Akamai NetSession Interface Akamai NetSession Interface Service Anti-phishing Domain Advisor Apple Application Support Apple Software Update Avira AntiVir Personal - Free Antivirus Browser Configuration Utility Counter-Strike: Source Curse Client Download Updater (AOL LLC) Dyyno Broadcaster EasyBits GO EasySaver B9.1214.1 FFmpeg for Audacity on Windows Fraps GOM Player GOMTV Streamer IC 435C Webcam Java Auto Updater Java™ 6 Update 31 Junk Mail filter update Killing Floor Knoll Light Factory EZ Studio League of Legends Left 4 Dead 2 Malwarebytes Anti-Malware version 1.60.1.1000 McAfee Security Scan Plus McAfee SiteAdvisor Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2010 - English Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 10.0.2 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB973685) NEC Electronics USB 3.0 Host Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL OpenOffice.org 3.3 Pando Media Booster PDF Settings CS5 Pinnacle Studio 14 Pinnacle Studio Ultimate Plugins Puzzle Quest Python 2.7.2 QuickTime Realtek Ethernet Controller Driver For Windows Vista and Later Realtek High Definition Audio Driver Red Giant ToonIt Studio Secunia PSI (2.0.0.4003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Skype Click to Call Skype™ 5.8 Spam Free 
Search Bar SpeedyPC Pro Spyware Terminator 2012 Star Wars: The Old Republic StarCraft II Steam swMSM Team Fortress 2 The Polynomial Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 (KB974631) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player 2.0.0 Vtune 7.6 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
3/7/2012 6:48:38 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/7/2012 6:47:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
3/7/2012 6:47:13 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/7/2012 6:47:11 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/7/2012 6:47:10 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/7/2012 6:47:10 PM, Error: Service Control Manager [7000] - The TBPanel service failed to start due to the following error: The system cannot find the file specified.
3/7/2012 6:25:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
3/7/2012 6:25:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/7/2012 6:25:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/7/2012 6:12:58 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 6:12:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
3/7/2012 6:11:12 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 6:11:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/7/2012 6:11:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/7/2012 6:11:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/7/2012 6:11:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/7/2012 6:10:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/7/2012 6:10:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb cdrom discache SASDIFSV SASKUTIL spldr Wanarpv6
3/7/2012 6:10:58 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 6:10:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/7/2012 6:10:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2012 5:53:26 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
3/4/2012 5:53:26 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort3.
3/4/2012 5:03:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
3/4/2012 5:00:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SASDIFSV SASKUTIL spldr Wanarpv6
3/4/2012 11:47:33 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
3/3/2012 2:23:24 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00-0D-4B-6B-AE-65. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================

Bump