rdy4trvl

Malware.Packer.Gen & Trojan.Agent are not removed

14 posts in this topic

After running Malwarebytes, removing the malicious software and restarting the problem item reappears. I'm not sure but it seems to add one set of Malware.Packer.Gen and Trojan.Agent each time the computer starts.

There are no apparent operating issues - computer seems (!!!) to be running fine (and probably sending all my data to some hacker in a foreign land....or to the neighbor next door).

Any Suggestions?

Malwarebytes returns these two lines after a full analysis:

Malware.Packer.Gen C:\........Temp\_MEI20163\IPHLPAPI.DLL

Trojan.Agent C:\........Temp\_MEI20163\kernel32.dll

DDS and Attach files are attached.

Thanks

dds.txt

attach.txt

Share this post


Link to post
Share on other sites

Hello rdy4trvl! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I want to see the log file, so proceed with the next step, but is very important those and every step after to be executed in Normal mode, not in Safe Mode.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

Share this post


Link to post
Share on other sites

The infection continues. DDS and Log are pasted below.

Thanks again for your assistance.

DDS:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Doug at 9:59:45 on 2012-04-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1645 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\V0230Mon.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Stardock\CursorFX\CursorFX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe

C:\Program Files\Schwab\StreetSmart Edge\QuickLaunch.exe

C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Schwab\StreetSmart Edge\SSEdge.exe

C:\Program Files\Texter\texter.exe

C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\dllhost.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71

uSearch Page = hxxp://www.google.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll

BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll

BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll

BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ScriptHost.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll

uRun: [Google Update] "c:\documents and settings\doug\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [DriverMax]

uRun: [DriverMax_RESTART]

uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"

uRun: [QuickLaunch] c:\program files\schwab\streetsmart edge\QuickLaunch.exe

uRun: [bTLive] c:\documents and settings\doug\application data\btlive\BTLive.exe

uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\\isuspm.exe -scheduler

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\9\config\ereg.ini"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\google~1.lnk - c:\documents and settings\doug\local settings\application data\google\chrome\application\chrome.exe

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\street~1.lnk - c:\program files\schwab\streetsmart edge\SSEdge.exe

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\texter.lnk - c:\program files\texter\texter.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Open with PDF Viewer 7 - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ScriptHost.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{16150EFA-70A3-4B53-A838-A00B76325BEC} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\m6wpu69h.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=

FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nuance\pdf viewer plus\bin\nppdf.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-2-29 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-2-29 43784]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-22 14776]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-2-29 16008]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-2-29 185864]

R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-3-28 66912]

R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-2-29 61064]

R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-2-29 23176]

R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2011-10-22 602624]

R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]

R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2011-10-22 28928]

R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2011-10-22 1217920]

R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2011-10-22 1220224]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S0 cerc6;cerc6; [x]

S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-3-23 51144]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-3-20 571936]

S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-3-28 401760]

S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-3-28 385376]

S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-10-22 20328]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-22 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-22 8456]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-10-22 30192]

.

=============== Created Last 30 ================

.

2012-04-09 03:46:54 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-04-09 03:46:54 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-04-02 04:47:53 -------- d-----w- C:\4-1-2012

2012-03-31 00:17:17 -------- d-----w- C:\VMS

2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\doug\local settings\application data\blekkotb

2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor

2012-03-31 00:06:24 -------- d-----w- c:\documents and settings\doug\application data\blekkotb

2012-03-31 00:06:23 -------- d-----w- c:\program files\blekkotb

2012-03-30 03:56:29 -------- d-----w- c:\windows\pss

2012-03-30 02:40:25 -------- d-----w- c:\windows\system32\LogFiles

2012-03-30 02:35:42 -------- d-----w- c:\program files\BlueStacks

2012-03-30 02:35:42 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks

2012-03-30 02:03:28 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacksSetup

2012-03-30 02:03:27 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacks

2012-03-29 17:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-29 17:58:27 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2012-03-26 21:11:39 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-03-26 21:03:05 -------- d-----w- c:\documents and settings\doug\local settings\application data\APN

2012-03-26 21:02:45 -------- d-----w- c:\documents and settings\all users\application data\Avira

2012-03-23 14:16:59 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-03-23 14:16:53 -------- d-----w- c:\program files\Soluto

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

.

==================== Find3M ====================

.

2012-03-29 17:57:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-08 17:00:24 60304 ----a-w- c:\documents and settings\doug\g2mdlhlpx.exe

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-23 15:19:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

.

============= FINISH: 10:00:12.59 ===============

Log

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.08.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Doug :: DOUG-7C388E4B75 [administrator]

4/10/2012 8:44:47 AM

mbam-log-2012-04-10 (08-44-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202676

Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Documents and Settings\Doug\Local Settings\Temp\_MEI21442\IPHLPAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Doug\Local Settings\Temp\_MEI21442\kernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Doug\Local Settings\Temp\_MEI28682\IPHLPAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Doug\Local Settings\Temp\_MEI28682\kernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

Please strictly follow my instructions. Your database is still out-of-date:

Database version: v2012.04.08.01

Share this post


Link to post
Share on other sites

Sorry, second try with updated db version. LOG and DDS follows:

LOG

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.10.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Doug :: DOUG-7C388E4B75 [administrator]

4/10/2012 12:11:49 PM

mbam-log-2012-04-10 (12-11-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203036

Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Documents and Settings\Doug\Local Settings\Temp\_MEI5922\IPHLPAPI.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Doug\Local Settings\Temp\_MEI5922\kernel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Doug at 17:24:40 on 2012-04-10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1934 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Soluto\soluto.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE

C:\Program Files\Soluto\SolutoService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\V0230Mon.exe

C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\Stardock\CursorFX\CursorFX.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Eye-Fi\Helper\EyeFiHelper.exe

C:\Program Files\Schwab\StreetSmart Edge\QuickLaunch.exe

C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Schwab\StreetSmart Edge\SSEdge.exe

C:\Program Files\Texter\texter.exe

C:\Documents and Settings\Doug\Application Data\BTLive\BTLive.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71

uSearch Page = hxxp://www.google.com

uWindow Title = Internet Explorer, optimized for Bing and MSN

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll

BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll

BHO: bxNewFolder: {51c8bca8-2524-4523-bf09-738c4eebfc58} - c:\progra~1\bxnewf~1\BXNEWF~1.DLL

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll

BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ScriptHost.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll

TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll

uRun: [Google Update] "c:\documents and settings\doug\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"

uRun: [DriverMax]

uRun: [DriverMax_RESTART]

uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Eye-Fi] "c:\program files\eye-fi\helper\EyeFiHelper.exe"

uRun: [QuickLaunch] c:\program files\schwab\streetsmart edge\QuickLaunch.exe

uRun: [bTLive] c:\documents and settings\doug\application data\btlive\BTLive.exe

uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [iSUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\\isuspm.exe -scheduler

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [PPort9reminder] "c:\program files\scansoft\paperport\webereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\9\config\ereg.ini"

mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\google~1.lnk - c:\documents and settings\doug\local settings\application data\google\chrome\application\chrome.exe

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\street~1.lnk - c:\program files\schwab\streetsmart edge\SSEdge.exe

StartupFolder: c:\docume~1\doug\startm~1\programs\startup\texter.lnk - c:\program files\texter\texter.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

IE: Open with PDF Viewer 7 - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ScriptHost.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{16150EFA-70A3-4B53-A838-A00B76325BEC} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\m6wpu69h.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=

FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\doug\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\doug\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\nuance\pdf viewer plus\bin\nppdf.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-2-29 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-2-29 43784]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-22 14776]

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-3-23 51144]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-2-29 16008]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-2-29 185864]

R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2012-3-28 66912]

R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-2-29 61064]

R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-2-29 23176]

R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2011-10-22 602624]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-3-20 571936]

R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]

R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2011-10-22 28928]

R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2011-10-22 1217920]

R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2011-10-22 1220224]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]

S0 cerc6;cerc6; [x]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2012-3-28 401760]

S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2012-3-28 385376]

S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-10-22 20328]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-22 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-22 8456]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-10-22 30192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-10 40776]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-10 19:11:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-09 03:46:54 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-04-09 03:46:54 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-04-02 04:47:53 -------- d-----w- C:\4-1-2012

2012-03-31 00:17:17 -------- d-----w- C:\VMS

2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\doug\local settings\application data\blekkotb

2012-03-31 00:06:32 -------- d-----w- c:\documents and settings\all users\application data\Anti-phishing Domain Advisor

2012-03-31 00:06:24 -------- d-----w- c:\documents and settings\doug\application data\blekkotb

2012-03-31 00:06:23 -------- d-----w- c:\program files\blekkotb

2012-03-30 03:56:29 -------- d-----w- c:\windows\pss

2012-03-30 02:40:25 -------- d-----w- c:\windows\system32\LogFiles

2012-03-30 02:35:42 -------- d-----w- c:\program files\BlueStacks

2012-03-30 02:35:42 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks

2012-03-30 02:03:28 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacksSetup

2012-03-30 02:03:27 -------- d-----w- c:\documents and settings\doug\local settings\application data\BlueStacks

2012-03-29 17:58:27 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-29 17:58:27 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2012-03-26 21:11:39 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-03-26 21:03:05 -------- d-----w- c:\documents and settings\doug\local settings\application data\APN

2012-03-26 21:02:45 -------- d-----w- c:\documents and settings\all users\application data\Avira

2012-03-23 14:16:59 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-03-23 14:16:53 -------- d-----w- c:\program files\Soluto

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

.

==================== Find3M ====================

.

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 17:57:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-08 17:00:24 60304 ----a-w- c:\documents and settings\doug\g2mdlhlpx.exe

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-23 15:19:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 17:28:53.12 ===============

Share this post


Link to post
Share on other sites

Step 1

Please uninstall the following applications:

BitTorrent Live - It is against our policy. Take a look here

StartSearch Toolbar 1.3

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Share this post


Link to post
Share on other sites

Details of ComboFix follow. The program did ask that no programs start after it rebooted. I have two programs that start with each reboot - Google Chrome and a program called StreetSmartEdge....plus, probably plenty behind the scenes. I'm unsure if they had any impact. Thanks again for your assistance.

ComboFix 12-04-11.03 - Doug 04/11/2012 8:05.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2369 [GMT -7:00]

Running from: c:\documents and settings\Doug\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\TsuDll.dll

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Doug\g2mdlhlpx.exe

c:\windows\system32\ccrpTmr6.dll

c:\windows\system32\SET104.tmp

c:\windows\system32\SET10E.tmp

c:\windows\system32\SET116.tmp

c:\windows\system32\SET129.tmp

c:\windows\system32\SET143.tmp

c:\windows\system32\SET150.tmp

c:\windows\system32\SET197.tmp

c:\windows\system32\SET1A8.tmp

c:\windows\system32\SETB3.tmp

c:\windows\system32\SETBB.tmp

c:\windows\system32\SETC1.tmp

c:\windows\system32\SETEF.tmp

c:\windows\system32\SETFD.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))

.

.

2012-04-09 03:46 . 2012-04-09 03:46 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-04-09 03:46 . 2012-04-09 03:46 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-04-02 04:47 . 2012-04-02 04:55 -------- d-----w- C:\4-1-2012

2012-03-31 00:17 . 2012-03-31 00:17 -------- d-----w- C:\VMS

2012-03-31 00:16 . 2012-03-31 00:19 -------- d-----w- c:\documents and settings\VMS

2012-03-31 00:06 . 2012-04-11 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor

2012-03-31 00:06 . 2012-03-31 00:06 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\blekkotb

2012-03-31 00:06 . 2012-04-02 20:47 -------- d-----w- c:\documents and settings\Doug\Application Data\blekkotb

2012-03-31 00:06 . 2012-03-31 00:06 -------- d-----w- c:\program files\blekkotb

2012-03-30 02:40 . 2012-03-30 02:40 -------- d-----w- c:\windows\system32\LogFiles

2012-03-30 02:35 . 2012-03-30 02:35 -------- d-----w- c:\program files\BlueStacks

2012-03-30 02:35 . 2012-03-30 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks

2012-03-30 02:03 . 2012-04-01 21:32 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\BlueStacks

2012-03-29 17:58 . 2012-03-29 17:58 -------- d-----w- c:\program files\Common Files\Java

2012-03-29 17:58 . 2012-03-29 17:57 476904 ----a-w- c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll

2012-03-29 17:58 . 2012-03-29 17:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-28 18:44 . 2012-03-28 18:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2012-03-26 21:11 . 2012-03-26 21:11 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-03-26 21:03 . 2012-03-26 21:03 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\APN

2012-03-26 21:02 . 2012-03-30 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2012-03-23 14:16 . 2012-03-20 18:52 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-03-23 14:16 . 2012-03-23 14:17 -------- d-----w- c:\program files\Soluto

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-20 19:59 . 2012-03-20 19:59 -------- d-----w- c:\program files\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 22:56 . 2011-10-23 05:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 17:57 . 2011-10-23 05:26 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2011-10-23 04:53 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-23 15:19 . 2011-10-23 05:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-09 03:46 . 2011-10-23 05:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-10-23 05:21 . 2011-10-23 05:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]

2012-01-17 19:28 262312 ----a-w- c:\program files\blekkotb\auxi\blekkoAu.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

2012-01-17 19:28 86696 ----a-w- c:\program files\blekkotb\blekkoDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files\blekkotb\blekkoDx.dll" [2012-01-17 86696]

.

[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-10-03 2456992]

"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]

"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]

"QuickLaunch"="c:\program files\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-01-19 12288]

"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]

"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-01-27 729088]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]

.

c:\documents and settings\Doug\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]

Google Chrome 9-10-11.lnk - c:\documents and settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2011-12-18 1224176]

StreetSmart Edge.lnk - c:\program files\Schwab\StreetSmart Edge\SSEdge.exe [2011-10-23 75776]

Texter.lnk - c:\program files\Texter\texter.exe [2007-11-6 377303]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 15:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

2011-12-26 21:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

2011-12-23 07:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2011-10-23 05:21 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 09:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2003-02-27 10:40 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2003-02-27 10:12 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFProHook]

2011-07-01 08:07 607592 ----a-w- c:\program files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-29 16:20 17151624 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\WinTV\\WinTV7\\WinTV7.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\OpenPhotoBooth\\opb_gui.exe"=

"c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Documents and Settings\\Doug\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Soluto\\Soluto.exe"=

"c:\\Program Files\\Soluto\\SolutoService.exe"=

"c:\\Program Files\\Soluto\\SolutoConsole.exe"=

"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2/29/2012 6:41 PM 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2/29/2012 6:41 PM 43784]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/22/2011 10:22 PM 14776]

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [3/23/2012 7:16 AM 51144]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2/29/2012 6:41 PM 16008]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2/29/2012 6:41 PM 185864]

R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [3/28/2012 9:21 PM 66912]

R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [2/29/2012 6:39 PM 61064]

R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [2/29/2012 6:39 PM 23176]

R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [10/22/2011 10:28 PM 602624]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [3/20/2012 12:08 PM 571936]

R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [10/22/2011 10:25 PM 28928]

R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [10/22/2011 10:24 PM 1217920]

R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [10/22/2011 10:24 PM 1220224]

R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 2:00 AM 6272]

R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 2:01 AM 500480]

S0 cerc6;cerc6; [x]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:16 AM 158856]

S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [3/28/2012 9:21 PM 401760]

S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [3/28/2012 9:21 PM 385376]

S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [10/22/2011 10:33 PM 20328]

S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/22/2011 10:27 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/22/2011 10:27 PM 8456]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/22/2011 10:21 PM 30192]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOUG-7C388E4B75-Doug.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-12-30 01:42]

.

2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-04-10 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]

.

2012-04-11 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]

.

2012-04-11 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]

.

2012-04-10 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]

.

2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003Core.job

- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]

.

2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003UA.job

- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: Open with PDF Viewer 7 - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\m6wpu69h.default\

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-DriverMax - (no file)

HKCU-Run-DriverMax_RESTART - (no file)

HKCU-Run-BTLive - c:\documents and settings\Doug\Application Data\BTLive\BTLive.exe

AddRemove-{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{52357~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-11 08:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1976)

c:\windows\system32\WININET.dll

c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\program files\DisplayFusion\Hooks\AppHookx86_E9464B29-24CC-4807-9B39-7F16C319BC61.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\program files\Stardock\CursorFX\CurXP0.dll

c:\windows\system32\webcheck.dll

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\stardock\fences\DesktopDock.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\FolderSize\FolderSizeSvc.exe

c:\progra~1\WinTV\TVServer\CAPTUR~4.EXE

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\windows\system32\wscntfy.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.EXE

c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI.ACE\cli.exe

.

**************************************************************************

.

Completion time: 2012-04-11 08:19:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-11 15:19

.

Pre-Run: 105,221,828,608 bytes free

Post-Run: 117,649,440,768 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 84142643B8FB21786CD22C4E6D3E2698

Share this post


Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\Doug\Local Settings\Application Data\blekkotb
c:\documents and settings\Doug\Application Data\blekkotb
c:\program files\blekkotb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
[-HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"=-

FireFox::
FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\m6wpu69h.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=3&src=sp&cf=d155aae0-432c-11e1-87cf-00219b1372e1&q=

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Share this post


Link to post
Share on other sites

Ok, here's the next Log - in two pieces...it was too long: Thanks

ComboFix 12-04-11.03 - Doug 04/12/2012 14:05:55.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2369 [GMT -7:00]

Running from: c:\documents and settings\Doug\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\Setup.ico

c:\documents and settings\All Users\Application Data\Tarma Installer\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}\TsuDll.dll

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Doug\Application Data\blekkotb

c:\documents and settings\Doug\Application Data\blekkotb\coupons\blekkotb.json

c:\documents and settings\Doug\Application Data\blekkotb\coupons\merchants.json

c:\documents and settings\Doug\Application Data\blekkotb\dtx.ini

c:\documents and settings\Doug\Application Data\blekkotb\geodata.xml

c:\documents and settings\Doug\Application Data\blekkotb\guid.dat

c:\documents and settings\Doug\Application Data\blekkotb\log.txt

c:\documents and settings\Doug\Application Data\blekkotb\messages\64475d64e98bc63d6f54679ea109f6a0

c:\documents and settings\Doug\Application Data\blekkotb\messages\messageTypes.xml

c:\documents and settings\Doug\Application Data\blekkotb\messages\state.xml

c:\documents and settings\Doug\Application Data\blekkotb\preferences.dat

c:\documents and settings\Doug\Application Data\blekkotb\stats.dat

c:\documents and settings\Doug\Application Data\blekkotb\uninstallIE.dat

c:\documents and settings\Doug\Application Data\blekkotb\version.xml

c:\documents and settings\Doug\Application Data\blekkotb\weather\45b17b5330bdad94b56b6eb39a076fd6

c:\documents and settings\Doug\Application Data\blekkotb\weather\50e1282863ff8eb0f0860eb8a2da0692

c:\documents and settings\Doug\Application Data\blekkotb\weather\forecasts_cache.xml

c:\documents and settings\Doug\Application Data\blekkotb\weather\observations_cache.xml

c:\documents and settings\Doug\Application Data\blekkotb\weatherbutton_prefs.xml

c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\050b22171ac09ad2f000d8688d701103

c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\category_cache.xml

c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\cea2db778b5e373ffb40fcdd5e8909c4

c:\documents and settings\Doug\Application Data\blekkotb\widgets_cache\widget_cache.xml

c:\documents and settings\Doug\g2mdlhlpx.exe

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\catalog.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408122029-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408122029-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124030-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124030-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124445-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408124445-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408131524-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408131524-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408132043-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408132043-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408141637-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408141637-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408144054-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408144054-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408151752-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408151752-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408152106-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408152106-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408154115-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408154115-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408161844-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408161844-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408164939-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408164939-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408172017-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408172017-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408174029-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408174029-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182107-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182107-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182212-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408182212-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408184113-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408184113-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192225-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192225-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192333-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408192333-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408202459-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408202459-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408212614-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408212614-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408214102-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408214102-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408215651-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408215651-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408222109-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408222109-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408224115-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408224115-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408225807-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408225807-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408234023-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408234023-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408235924-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120408235924-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409003004-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409003004-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409004041-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409004041-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409010046-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409010046-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409020210-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409020210-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409023257-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409023257-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409030337-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409030337-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409033418-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409033418-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409040503-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409040503-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409042056-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409042056-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409044102-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409044102-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050104-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050104-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050622-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409050622-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409052113-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409052113-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409054117-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409054117-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409060740-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409060740-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409063056-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409063056-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409064028-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409064028-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409070855-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409070855-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409073934-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409073934-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080120-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080120-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080948-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409080948-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409082024-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409082024-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409084028-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409084028-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409091103-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409091103-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409092036-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409092036-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409100046-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409100046-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101118-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101118-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101227-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409101227-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409102056-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409102056-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104201-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104201-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104309-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409104309-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409110107-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409110107-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409111349-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409111349-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114323-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114323-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114430-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409114430-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121402-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121402-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121509-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409121509-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409122029-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409122029-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124030-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124030-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124445-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409124445-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409131630-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409131630-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409141747-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409141747-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409142103-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409142103-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144103-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144103-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144828-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409144828-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409151909-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409151909-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409162032-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409162032-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409164039-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409164039-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172048-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172048-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172153-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409172153-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409174012-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409174012-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182019-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182019-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182333-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409182333-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409184032-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409184032-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185313-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185313-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185420-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409185420-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409192508-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409192508-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409194104-f.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409195552-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409195552-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202012-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202012-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202530-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202530-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202637-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409202637-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205614-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205614-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205722-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409205722-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409212803-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409212803-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409214046-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409214046-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215740-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215740-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215847-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409215847-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409222103-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409222103-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409224007-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409224007-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409230011-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409230011-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409233056-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409233056-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409234029-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120409234029-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410000138-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410000138-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410003219-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410003219-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410004050-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410004050-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410010259-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410010259-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410013344-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410013344-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410020426-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410020426-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410030549-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410030549-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410031007-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410031007-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410040707-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410040707-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410043025-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410043025-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410050829-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410050829-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410055051-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410055051-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410060953-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410060953-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410062031-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410062031-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410064038-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410064038-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410071124-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410071124-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410074208-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410074208-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410080041-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410080041-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081115-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081115-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081222-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410081222-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084154-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084154-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084302-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410084302-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410091342-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410091342-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410094423-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410094423-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410101500-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410101500-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104434-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104434-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104541-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410104541-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410111621-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410111621-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410114701-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410114701-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410121742-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410121742-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410124823-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410124823-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410131903-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410131903-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410142022-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410142022-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410152139-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410152139-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410155223-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410155223-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410162304-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410162304-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410165346-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410165346-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410172428-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410172428-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182445-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182445-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182552-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410182552-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410185635-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410185635-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410192645-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410192645-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410202806-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410202806-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410205849-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410205849-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410212933-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410212933-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410215947-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410215947-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410223016-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410223016-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410233157-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120410233157-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411003321-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411003321-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411010402-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411010402-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411013443-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411013443-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411020527-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411020527-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411023610-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411023610-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411030652-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411030652-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411033735-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411033735-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411040818-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411040818-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411042102-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411042102-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411050938-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411050938-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411054020-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411054020-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411061101-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411061101-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411064146-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411064146-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411071229-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411071229-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411182234-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411182234-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411205320-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120411205320-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412114803-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412114803-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412163247-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412163247-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412164636-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412164636-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412171713-l.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\120412171713-m.list

c:\documents and settings\Doug\Local Settings\Application Data\blekkotb\data\temp.zip

c:\program files\blekkotb

c:\program files\blekkotb\auxi\blekkoAu.dll

c:\program files\blekkotb\auxi\config.xml

c:\program files\blekkotb\blekkoDx.dll

c:\program files\blekkotb\blekkotb.dll

c:\program files\blekkotb\chrome\content\custom.js

c:\program files\blekkotb\chrome\content\lib\about.xml

c:\program files\blekkotb\chrome\content\lib\dtxpanel.xul

c:\program files\blekkotb\chrome\content\lib\dtxpaneltransparent.xul

c:\program files\blekkotb\chrome\content\lib\dtxpanelwin.xul

c:\program files\blekkotb\chrome\content\lib\dtxprefwin.xul

c:\program files\blekkotb\chrome\content\lib\dtxtransparentwin.xul

c:\program files\blekkotb\chrome\content\lib\dtxwin.xul

c:\program files\blekkotb\chrome\content\lib\emailnotifierproviders.xml

c:\program files\blekkotb\chrome\content\lib\external.js

c:\program files\blekkotb\chrome\content\lib\neterror.xhtml

c:\program files\blekkotb\chrome\content\lib\rsspreview.html

c:\program files\blekkotb\chrome\content\lib\rsswin.xml

c:\program files\blekkotb\chrome\content\lib\rsswin.xsl

c:\program files\blekkotb\chrome\content\modules\datastore.jsm

c:\program files\blekkotb\chrome\content\modules\nsDragAndDrop.js

c:\program files\blekkotb\chrome\content\newtab\images\btn_search.gif

c:\program files\blekkotb\chrome\content\newtab\images\bullet.gif

c:\program files\blekkotb\chrome\content\newtab\images\field_bg.gif

c:\program files\blekkotb\chrome\content\newtab\images\powered_by_yahoo.gif

c:\program files\blekkotb\chrome\content\newtab\newtab.html

c:\program files\blekkotb\chrome\content\preferences.xml

c:\program files\blekkotb\chrome\content\toolbar.htm

c:\program files\blekkotb\chrome\content\toolbar.xul

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn_close_x.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\default.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\transparent.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-left.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-mdl.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right-resize.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\win-btm-right.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts\defscript.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\tb_icon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.BlekkoMap\widget_version.txt

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\.project

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\blank_image.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\border-radius.htc

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\checked.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\appversion.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\css\IE7Styles.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon-hover.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\save.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\appversion.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.pagination.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js.bak

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-disablealert.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-enablealert.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-help.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-managealerts.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\power-couponcamp.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\poweredby-couponwinner.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left_old.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl_old.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right_old.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\unchecked.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\tb_icon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Grooveshark\widget_version.txt

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageContent.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\css\messageList.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\bg_header.jpg

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\btn-close-grey.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\mail.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\images\msg-btn.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageContent.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\messageList.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\skin\scripts\messageList.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\tb_icon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Messaging\widget.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\.cvsignore

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-buffering.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-connecting.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-playing.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta-stopped.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\radiobeta.ico

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\tb_icon.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.RadioBeta\widget.xml

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\css\twitter.css

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-login.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\btn-submit.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\loginbg.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh-over.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\refresh.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-disable.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-down.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrollbottom.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-disable.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-down.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop-over.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\scrolltop.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-off-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-l.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\tab-on-r.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\throbber.gif

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter-logo48.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\images\twitter_top.png

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\index.html

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\defscript.js

c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\jquery.js

Share this post


Link to post
Share on other sites

<p>...and Part 2</p>

<p> </p>

<p> </p>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\js\scripts.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\login.html</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\css\dialog.css</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\bg.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close-over.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\btn-wide-close.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\default.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\transparent.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-left.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-mdl.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right-resize.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\images\win-btm-right.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\main.html</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts\defscript.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\tb_icon.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget.xml</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.Twitter\widget_version.txt</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\autocomplete.css</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\css\dialog.css</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrow-grey.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-left.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\arrows_grey-right.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\bg.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search-over.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\btn-search.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\powered-by-youtube.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-l.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-off-r.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-l.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-on-r.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-left.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-mdl.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-red-right.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-left.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-mdl.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\tab-white-right.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\throbber.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\vid-bg.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\images\youtube.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\index.html</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\autocomplete.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\jquery-1.4.3.min.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\paginator.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\js\youtube.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css\dialog.css</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\bg.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-search.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close-over.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\btn-wide-close.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\default.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-l.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-off-r.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-l.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\tab-on-r.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\transparent.gif</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-left.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-mdl.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right-resize.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images\win-btm-right.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main.html</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts\defscript.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\tb_icon.png</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.js</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget.xml</div>

<div>c:\program files\blekkotb\chrome\content\widgets\net.vmn.www.YouTube_v2\widget_version.txt</div>

<div>c:\program files\blekkotb\chrome\data\search\engines.xml</div>

<div>c:\program files\blekkotb\chrome\data\search\search.xsl</div>

<div>c:\program files\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluelite.png</div>

<div>c:\program files\blekkotb\chrome\skin\bg-btnover-mdl_ff_bluesky.png</div>

<div>c:\program files\blekkotb\chrome\skin\blekko16.png</div>

<div>c:\program files\blekkotb\chrome\skin\blogger.png</div>

<div>c:\program files\blekkotb\chrome\skin\bluelite.gif</div>

<div>c:\program files\blekkotb\chrome\skin\bluesky.gif</div>

<div>c:\program files\blekkotb\chrome\skin\btn-search-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\btn-search.png</div>

<div>c:\program files\blekkotb\chrome\skin\btn-settings-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\btn-settings.png</div>

<div>c:\program files\blekkotb\chrome\skin\btn-widgets-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\btn-widgets.png</div>

<div>c:\program files\blekkotb\chrome\skin\coupons-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\coupons.png</div>

<div>c:\program files\blekkotb\chrome\skin\custom.css</div>

<div>c:\program files\blekkotb\chrome\skin\dictionary.png</div>

<div>c:\program files\blekkotb\chrome\skin\downloadcom.png</div>

<div>c:\program files\blekkotb\chrome\skin\dtxlogo.png</div>

<div>c:\program files\blekkotb\chrome\skin\facebook-blekko-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\facebook-blekko.png</div>

<div>c:\program files\blekkotb\chrome\skin\facebook-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\facebook.png</div>

<div>c:\program files\blekkotb\chrome\skin\fb.png</div>

<div>c:\program files\blekkotb\chrome\skin\games.png</div>

<div>c:\program files\blekkotb\chrome\skin\google.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphna.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred0.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred0_5.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred1.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred1_5.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred2.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred2_5.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred3.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred3_5.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred4.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred4_5.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphred5.png</div>

<div>c:\program files\blekkotb\chrome\skin\graphredna.png</div>

<div>c:\program files\blekkotb\chrome\skin\grey.gif</div>

<div>c:\program files\blekkotb\chrome\skin\hulu.png</div>

<div>c:\program files\blekkotb\chrome\skin\ico-digg.png</div>

<div>c:\program files\blekkotb\chrome\skin\ico-shield.png</div>

<div>c:\program files\blekkotb\chrome\skin\icon_blekko.png</div>

<div>c:\program files\blekkotb\chrome\skin\images.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\add.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\aol.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\arrow-dn.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\arrow-right-disabled.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\arrow-right.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\arrow-up.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-end.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-mdl.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-mdl_ff.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btn-start.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-end.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-mdl.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-mdl_ff.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\bg-btnover-start.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\blank.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\btnback-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\btnback-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\btnleft-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\btnleft-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\btnright-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\btnright-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\button-splitter-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\button-splitter-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\checkmark.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\chevron.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\collapse.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\dtx.css</div>

<div>c:\program files\blekkotb\chrome\skin\lib\edit-back-hot.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\edit-back.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\expand.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\found.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\gmail.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\highlight.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\highlight_blue.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\highlight_cyan.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\highlight_lime.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\highlight_magenta.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\highlight_yellow.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\hotmail.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\imap.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\lastsearch-thumb-back.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\loadingMid.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\lock.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\mailcom.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menu_bg-basic.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menu_separator_bar.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitem-splitter.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitemback-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitemback-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitemleft-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitemleft-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitemright-down-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\menuitemright-vista.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\modify.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\move.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\movetarget.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\css\popupAbout.css</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\css\popupWidgets.css</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\css\dialog.css</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\bg.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\btn-wide-close.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\default.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\transparent.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-left.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-mdl.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right-resize.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\images\win-btm-right.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\main.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\default\scripts\defscript.js</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\arrow-sml-drop.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\arrow-sml.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\arrowr-bluew5.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\bg-aboutbox.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\bg-btnover.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\bg-pnl520x390.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-left.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-addtoolbar-right.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-close-grey.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-close-greyover.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-drag.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-mdl-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-mdl.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-next-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-next.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-previous-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-previous.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-right-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\btn-search-pnlbtm.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\gamethumb-on.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\ico-calendar.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\ico-download.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\ico-tags.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\icon-Add.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\icon-Info.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\menul-bgon.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\menul-bgover.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\panel-botm-noscroll.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scroll-bg-206.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scroll-bg.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scroll-topwin.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb-disable.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb-down.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollb.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt-disable.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt-down.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\scrollt.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\searchbox-pnlbtm.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\star_x_grey.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\star_x_orange.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\throbber.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\TRUSTe_about.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-detailed-on.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-detailed-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-thumb-on.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\view-thumb-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\widgets-square-16px.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\images\widgets-square-24px.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\panels\popupWidgets.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\pop.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\radio.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\reload.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\remove.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\rename.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\resize-box.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\rss.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\rsschannelback.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\RSSLogo.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\rsstabdivider.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\scroll-left.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\scroll-right.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\search-go.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\search.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\text-ellipsis.xml</div>

<div>c:\program files\blekkotb\chrome\skin\lib\throbber.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\toolbarsplitter.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\transparent_1px.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_02.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_03.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_04.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_06.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_07.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_08.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_09.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_10.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_11.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_12.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_13.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_14.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_15.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_16.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_18.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_19.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_20.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\border_21.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\btn-close-grey.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\btn-close-greyover.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\close-hot.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\close-normal.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\loadingMid.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\paneltemplate.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\proxy.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\template.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\template.xml</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\templateFF.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\uwa\throbber.gif</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\cond999.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\icons.xml</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\na-s.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\na.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\icons\weather.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\add.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-check.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-check.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\options-weather.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-blue.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\over-orange.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.css</div>

<div>c:\program files\blekkotb\chrome\skin\lib\weatherbutton\panels\popupWeather.html</div>

<div>c:\program files\blekkotb\chrome\skin\lib\yahoo.png</div>

<div>c:\program files\blekkotb\chrome\skin\lichen.gif</div>

<div>c:\program files\blekkotb\chrome\skin\local-deals-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\local-deals.png</div>

<div>c:\program files\blekkotb\chrome\skin\logo-about.png</div>

<div>c:\program files\blekkotb\chrome\skin\logo-over.png</div>

<div>c:\program files\blekkotb\chrome\skin\logo.png</div>

<div>c:\program files\blekkotb\chrome\skin\mail-blekko-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\mail-blekko.png</div>

<div>c:\program files\blekkotb\chrome\skin\mail-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\mail.png</div>

<div>c:\program files\blekkotb\chrome\skin\modify-save.png</div>

<div>c:\program files\blekkotb\chrome\skin\modify.png</div>

<div>c:\program files\blekkotb\chrome\skin\music.png</div>

<div>c:\program files\blekkotb\chrome\skin\myspace.png</div>

<div>c:\program files\blekkotb\chrome\skin\news.png</div>

<div>c:\program files\blekkotb\chrome\skin\options-main.png</div>

<div>c:\program files\blekkotb\chrome\skin\options-search.png</div>

<div>c:\program files\blekkotb\chrome\skin\options\options-main.png</div>

<div>c:\program files\blekkotb\chrome\skin\options\options-search.png</div>

<div>c:\program files\blekkotb\chrome\skin\options\options-weather.png</div>

<div>c:\program files\blekkotb\chrome\skin\options\options-widgets.png</div>

<div>c:\program files\blekkotb\chrome\skin\orange.gif</div>

<div>c:\program files\blekkotb\chrome\skin\p_yahoo.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-collapse.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-delete.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-expand.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-feed.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-folder-remove.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-folder-rename.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-folder.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-found.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-reload.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss-subscribe.png</div>

<div>c:\program files\blekkotb\chrome\skin\rss.png</div>

<div>c:\program files\blekkotb\chrome\skin\rssback.gif</div>

<div>c:\program files\blekkotb\chrome\skin\rsstopback.gif</div>

<div>c:\program files\blekkotb\chrome\skin\search.png</div>

<div>c:\program files\blekkotb\chrome\skin\settings.png</div>

<div>c:\program files\blekkotb\chrome\skin\shopping.png</div>

<div>c:\program files\blekkotb\chrome\skin\skin-bluelite.png</div>

<div>c:\program files\blekkotb\chrome\skin\skin-bluesky.png</div>

<div>c:\program files\blekkotb\chrome\skin\skin-grey.png</div>

<div>c:\program files\blekkotb\chrome\skin\skin-lichen.png</div>

<div>c:\program files\blekkotb\chrome\skin\skin-orange.png</div>

<div>c:\program files\blekkotb\chrome\skin\skin-yellow.png</div>

<div>c:\program files\blekkotb\chrome\skin\social_delicious.png</div>

<div>c:\program files\blekkotb\chrome\skin\social_stumbleupon.png</div>

<div>c:\program files\blekkotb\chrome\skin\technorati.png</div>

<div>c:\program files\blekkotb\chrome\skin\throbber.gif</div>

<div>c:\program files\blekkotb\chrome\skin\toolbarsplitter.png</div>

<div>c:\program files\blekkotb\chrome\skin\twitter-blekko-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\twitter-blekko.png</div>

<div>c:\program files\blekkotb\chrome\skin\twitter-hover.png</div>

<div>c:\program files\blekkotb\chrome\skin\twitter.png</div>

<div>c:\program files\blekkotb\chrome\skin\weather-blekko.png</div>

<div>c:\program files\blekkotb\chrome\skin\web.png</div>

<div>c:\program files\blekkotb\chrome\skin\websearch.png</div>

<div>c:\program files\blekkotb\chrome\skin\wikipedia.png</div>

<div>c:\program files\blekkotb\chrome\skin\yahoosearch.png</div>

<div>c:\program files\blekkotb\chrome\skin\yellow.gif</div>

<div>c:\program files\blekkotb\chrome\skin\youtube.png</div>

<div>c:\program files\blekkotb\components\windowmediator.js</div>

<div>c:\program files\blekkotb\install.ico</div>

<div>c:\program files\blekkotb\manifest.xml</div>

<div>c:\program files\blekkotb\search.ico</div>

<div>c:\program files\blekkotb\uninstall.exe</div>

<div>c:\program files\StartSearch plugin</div>

<div>c:\program files\StartSearch plugin\StartBar.dll</div>

<div>c:\program files\StartSearch plugin\uninst.exe</div>

<div>C:\RECYCLER(2)</div>

<div>c:\recycler(2)\S-1-5-21-725345543-343818398-1801674531-1003(2)\INFO2</div>

<div>c:\windows\EventSystem.log</div>

<div>c:\windows\system32\ccrpTmr6.dll</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((   Files Created from 2012-03-12 to 2012-04-12  )))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>2012-04-12 20:32 . 2012-04-12 20:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Ditto</div>

<div>2012-04-11 23:07 . 2012-04-11 23:07<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wbem\Repository</div>

<div>2012-04-11 22:38 . 2012-04-11 22:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\LocalService\Local Settings\Application Data\Adobe</div>

<div>2012-04-09 03:46 . 2012-04-09 03:46<span class="Apple-tab-span" style="white-space:pre"> </span>592824<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\gkmedias.dll</div>

<div>2012-04-09 03:46 . 2012-04-09 03:46<span class="Apple-tab-span" style="white-space:pre"> </span>44472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\mozglue.dll</div>

<div>2012-04-04 05:53 . 2012-04-04 05:53<span class="Apple-tab-span" style="white-space:pre"> </span>182160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\Plugins\nppdf32.dll</div>

<div>2012-04-04 05:53 . 2012-04-04 05:53<span class="Apple-tab-span" style="white-space:pre"> </span>182160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Internet Explorer\Plugins\nppdf32.dll</div>

<div>2012-04-02 04:47 . 2012-04-02 04:55<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\4-1-2012</div>

<div>2012-03-31 00:17 . 2012-03-31 00:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\VMS</div>

<div>2012-03-31 00:16 . 2012-03-31 00:19<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\VMS</div>

<div>2012-03-31 00:06 . 2012-04-12 21:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor</div>

<div>2012-03-30 02:40 . 2012-03-30 02:40<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\LogFiles</div>

<div>2012-03-30 02:35 . 2012-03-30 02:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\BlueStacks</div>

<div>2012-03-30 02:35 . 2012-03-30 02:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\BlueStacks</div>

<div>2012-03-30 02:03 . 2012-04-01 21:32<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Doug\Local Settings\Application Data\BlueStacks</div>

<div>2012-03-29 17:58 . 2012-03-29 17:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Java</div>

<div>2012-03-29 17:58 . 2012-03-29 17:57<span class="Apple-tab-span" style="white-space:pre"> </span>476904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll</div>

<div>2012-03-29 17:58 . 2012-03-29 17:57<span class="Apple-tab-span" style="white-space:pre"> </span>73728<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\javacpl.cpl</div>

<div>2012-03-28 18:44 . 2012-03-28 18:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\NetworkService\Local Settings\Application Data\Google</div>

<div>2012-03-26 21:11 . 2012-04-11 21:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\GroupPolicy</div>

<div>2012-03-26 21:03 . 2012-03-26 21:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Doug\Local Settings\Application Data\APN</div>

<div>2012-03-26 21:02 . 2012-03-30 03:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\All Users\Application Data\Avira</div>

<div>2012-03-23 14:16 . 2012-03-20 18:52<span class="Apple-tab-span" style="white-space:pre"> </span>51144<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Soluto.sys</div>

<div>2012-03-23 14:16 . 2012-03-23 14:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Soluto</div>

<div>2012-03-22 19:12 . 2012-03-22 19:12<span class="Apple-tab-span" style="white-space:pre"> </span>4435968<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\GPhotos.scr</div>

<div>2012-03-20 19:59 . 2012-03-20 19:59<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Skype</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>2012-04-04 22:56 . 2011-10-23 05:19<span class="Apple-tab-span" style="white-space:pre"> </span>22344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>

<div>2012-03-29 17:57 . 2011-10-23 05:26<span class="Apple-tab-span" style="white-space:pre"> </span>472808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div>

<div>2012-03-01 11:01 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>916992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wininet.dll</div>

<div>2012-03-01 11:01 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\licmgr10.dll</div>

<div>2012-03-01 11:01 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>1469440<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\inetcpl.cpl</div>

<div>2012-02-29 14:10 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>177664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div>

<div>2012-02-29 14:10 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>148480<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\imagehlp.dll</div>

<div>2012-02-29 12:17 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>385024<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\html.iec</div>

<div>2012-02-07 18:02 . 2012-02-07 18:02<span class="Apple-tab-span" style="white-space:pre"> </span>1070352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MSCOMCTL.OCX</div>

<div>2012-02-03 09:22 . 2008-04-14 12:00<span class="Apple-tab-span" style="white-space:pre"> </span>1860096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div>

<div>2012-01-31 12:44 . 2011-10-23 04:53<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>

<div>2012-01-23 15:19 . 2011-10-23 05:19<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div>

<div>2012-04-09 03:46 . 2011-10-23 05:19<span class="Apple-tab-span" style="white-space:pre"> </span>97208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div>

<div>2011-10-23 05:21 . 2011-10-23 05:21<span class="Apple-tab-span" style="white-space:pre"> </span>119808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]</div>

<div>2012-02-10 18:28<span class="Apple-tab-span" style="white-space:pre"> </span>1307928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]</div>

<div>"{eec0f710-38b5-4aba-99bf-ec87564a4e13}"= "c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll" [2012-02-10 1307928]</div>

<div>.</div>

<div>[HKEY_CLASSES_ROOT\clsid\{eec0f710-38b5-4aba-99bf-ec87564a4e13}]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]</div>

<div>@="{95A27763-F62A-4114-9072-E81D87DE3B68}"</div>

<div>[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]</div>

<div>2011-03-04 03:52<span class="Apple-tab-span" style="white-space:pre"> </span>762000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]</div>

<div>@="{E300CD91-100F-4E67-9AF3-1384A6124015}"</div>

<div>[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]</div>

<div>2011-03-04 03:52<span class="Apple-tab-span" style="white-space:pre"> </span>762000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]</div>

<div>@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"</div>

<div>[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]</div>

<div>2011-03-04 03:52<span class="Apple-tab-span" style="white-space:pre"> </span>762000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>

<div>.</div>

<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2011-10-03 2456992]</div>

<div>"DriverMax"="" [bU]</div>

<div>"DriverMax_RESTART"="" [bU]</div>

<div>"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]</div>

<div>"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]</div>

<div>"QuickLaunch"="c:\program files\Schwab\StreetSmart Edge\QuickLaunch.exe" [2012-01-19 12288]</div>

<div>"BTLive"="c:\documents and settings\Doug\Application Data\BTLive\BTLive.exe" [bU]</div>

<div>"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]</div>

<div>"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-01-04 1350144]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]</div>

<div>"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]</div>

<div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]</div>

<div>"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]</div>

<div>"V0230Mon.exe"="c:\windows\V0230Mon.exe" [2006-09-07 32768]</div>

<div>"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]</div>

<div>"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]</div>

<div>"PPort9reminder"="c:\program files\ScanSoft\PaperPort\WebEreg\Ereg.exe" [2003-01-27 729088]</div>

<div>"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]</div>

<div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]</div>

<div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]</div>

<div>"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]</div>

<div>.</div>

<div>c:\documents and settings\Doug\Start Menu\Programs\Startup\</div>

<div>EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]</div>

<div>Google Chrome 9-10-11.lnk - c:\documents and settings\Doug\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [2011-12-18 1224176]</div>

<div>StreetSmart Edge.lnk - c:\program files\Schwab\StreetSmart Edge\SSEdge.exe [2011-10-23 75776]</div>

<div>Texter.lnk - c:\program files\Texter\texter.exe [2007-11-6 377303]</div>

<div>.</div>

<div>[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]</div>

<div>"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div>

<div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0SmartDefragBootTime.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]</div>

<div>@="Service"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]</div>

<div>2011-09-27 15:22<span class="Apple-tab-span" style="white-space:pre"> </span>59240<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]</div>

<div>2011-12-26 21:06<span class="Apple-tab-span" style="white-space:pre"> </span>743560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]</div>

<div>2011-12-23 07:09<span class="Apple-tab-span" style="white-space:pre"> </span>70792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]</div>

<div>2011-10-23 05:21<span class="Apple-tab-span" style="white-space:pre"> </span>30192<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Google\Google Desktop Search\GoogleDesktop.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]</div>

<div>2007-01-01 21:22<span class="Apple-tab-span" style="white-space:pre"> </span>3739648<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Google\Google Talk\googletalk.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]</div>

<div>2011-05-10 09:41<span class="Apple-tab-span" style="white-space:pre"> </span>49208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\HP\HP Software Update\hpwuschd2.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]</div>

<div>2003-02-27 10:40<span class="Apple-tab-span" style="white-space:pre"> </span>40960<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\ScanSoft\PaperPort\IndexSearch.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]</div>

<div>2011-11-13 08:24<span class="Apple-tab-span" style="white-space:pre"> </span>421736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\iTunes\iTunesHelper.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]</div>

<div>2003-02-27 10:12<span class="Apple-tab-span" style="white-space:pre"> </span>57393<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\ScanSoft\PaperPort\pptd40nt.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFProHook]</div>

<div>2011-07-01 08:07<span class="Apple-tab-span" style="white-space:pre"> </span>607592<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]</div>

<div>2012-02-29 16:20<span class="Apple-tab-span" style="white-space:pre"> </span>17151624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Skype\Phone\Skype.exe</div>

<div>.</div>

<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</div>

<div>"%windir%\\Network Diagnostic\\xpnetdiag.exe"=</div>

<div>"%windir%\\system32\\sessmgr.exe"=</div>

<div>"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=</div>

<div>"c:\\Program Files\\WinTV\\WinTV7\\WinTV7.exe"=</div>

<div>"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=</div>

<div>"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=</div>

<div>"c:\\Program Files\\OpenPhotoBooth\\opb_gui.exe"=</div>

<div>"c:\\Program Files\\Eye-Fi\\Helper\\EyeFiHelper.exe"=</div>

<div>"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=</div>

<div>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=</div>

<div>"c:\\Program Files\\iTunes\\iTunes.exe"=</div>

<div>"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=</div>

<div>"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=</div>

<div>"c:\\Documents and Settings\\Doug\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=</div>

<div>"c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"=</div>

<div>"c:\\Program Files\\Skype\\Phone\\Skype.exe"=</div>

<div>"c:\\Program Files\\Soluto\\Soluto.exe"=</div>

<div>"c:\\Program Files\\Soluto\\SolutoService.exe"=</div>

<div>"c:\\Program Files\\Soluto\\SolutoConsole.exe"=</div>

<div>"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=</div>

<div>"c:\\Program Files\\Ditto\\Ditto.exe"=</div>

<div>.</div>

<div>R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2/29/2012 6:41 PM 50312]</div>

<div>R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2/29/2012 6:41 PM 43784]</div>

<div>R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [10/22/2011 10:22 PM 14776]</div>

<div>R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [3/23/2012 7:16 AM 51144]</div>

<div>R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2/29/2012 6:41 PM 16008]</div>

<div>R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2/29/2012 6:41 PM 185864]</div>

<div>R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 11:28 AM 193816]</div>

<div>R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [3/28/2012 9:21 PM 66912]</div>

<div>R2 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [2/29/2012 6:39 PM 61064]</div>

<div>R2 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [2/29/2012 6:39 PM 23176]</div>

<div>R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE [10/22/2011 10:28 PM 602624]</div>

<div>R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [3/20/2012 12:08 PM 571936]</div>

<div>R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [3/24/2006 2:00 AM 6272]</div>

<div>R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [9/29/2006 2:01 AM 500480]</div>

<div>S0 cerc6;cerc6; [x]</div>

<div>S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:16 AM 158856]</div>

<div>S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 11:28 AM 240408]</div>

<div>S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [3/28/2012 9:21 PM 401760]</div>

<div>S3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [3/28/2012 9:21 PM 385376]</div>

<div>S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]</div>

<div>S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [10/22/2011 10:33 PM 20328]</div>

<div>S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]</div>

<div>S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/22/2011 10:27 PM 13192]</div>

<div>S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/22/2011 10:27 PM 8456]</div>

<div>S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/22/2011 10:21 PM 30192]</div>

<div>S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [10/22/2011 10:25 PM 28928]</div>

<div>S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [10/22/2011 10:24 PM 1217920]</div>

<div>S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [10/22/2011 10:24 PM 1220224]</div>

<div>S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]</div>

<div>.</div>

<div>--- Other Services/Drivers In Memory ---</div>

<div>.</div>

<div>*NewlyCreated* - BBSVC</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2012-04-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-DOUG-7C388E4B75-Doug.job</div>

<div>- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-12-30 01:42]</div>

<div>.</div>

<div>2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job</div>

<div>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]</div>

<div>.</div>

<div>2012-04-12 c:\windows\Tasks\At1.job</div>

<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>

<div>.</div>

<div>2012-04-12 c:\windows\Tasks\At2.job</div>

<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>

<div>.</div>

<div>2012-04-12 c:\windows\Tasks\At3.job</div>

<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>

<div>.</div>

<div>2012-04-12 c:\windows\Tasks\At4.job</div>

<div>- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 04:12]</div>

<div>.</div>

<div>2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003Core.job</div>

<div>- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]</div>

<div>.</div>

<div>2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-343818398-1801674531-1003UA.job</div>

<div>- c:\documents and settings\Doug\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-23 04:49]</div>

<div>.</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=2012033132B64C498B125D11813D8C71</div>

<div>uDefault_Search_URL = hxxp://www.google.com/ie</div>

<div>mStart Page = hxxp://www.google.com</div>

<div>uInternet Settings,ProxyOverride = *.local</div>

<div>uSearchAssistant = hxxp://www.google.com/ie</div>

<div>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s</div>

<div>IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201</div>

<div>IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204</div>

<div>IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204</div>

<div>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200</div>

<div>IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203</div>

<div>IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202</div>

<div>IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000</div>

<div>IE: Open with PDF Viewer 7 - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm</div>

<div>TCP: DhcpNameServer = 75.75.75.75 75.75.76.76</div>

<div>FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\m6wpu69h.default\</div>

<div>FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>AddRemove-blekkotb - c:\program files\blekkotb\uninstall.exe</div>

<div>AddRemove-StartSearch Toolbar - c:\program files\StartSearch plugin\uninst.exe</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div>

<div>Rootkit scan 2012-04-12 14:14</div>

<div>Windows 5.1.2600 Service Pack 3 NTFS</div>

<div>.</div>

<div>scanning hidden processes ...  </div>

<div>.</div>

<div>scanning hidden autostart entries ... </div>

<div>.</div>

<div>scanning hidden files ...  </div>

<div>.</div>

<div>scan completed successfully</div>

<div>hidden files: 0</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>--------------------- DLLs Loaded Under Running Processes ---------------------</div>

<div>.</div>

<div>- - - - - - - > 'winlogon.exe'(764)</div>

<div>c:\windows\system32\Ati2evxx.dll</div>

<div>.</div>

<div>- - - - - - - > 'explorer.exe'(5844)</div>

<div>c:\windows\system32\WININET.dll</div>

<div>c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll</div>

<div>c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll</div>

<div>c:\program files\DisplayFusion\Hooks\AppHookx86_E9464B29-24CC-4807-9B39-7F16C319BC61.dll</div>

<div>c:\windows\system32\ieframe.dll</div>

<div>c:\windows\system32\msi.dll</div>

<div>c:\program files\Stardock\Fences\FencesMenu.dll</div>

<div>c:\windows\system32\webcheck.dll</div>

<div>c:\program files\stardock\fences\DesktopDock.dll</div>

<div>c:\program files\Stardock\CursorFX\CurXP0.dll</div>

<div>.</div>

<div>------------------------ Other Running Processes ------------------------</div>

<div>.</div>

<div>c:\windows\system32\Ati2evxx.exe</div>

<div>c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe</div>

<div>c:\windows\system32\Ati2evxx.exe</div>

<div>c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</div>

<div>c:\program files\Bonjour\mDNSResponder.exe</div>

<div>c:\program files\FolderSize\FolderSizeSvc.exe</div>

<div>c:\program files\Canon\CAL\CALMAIN.exe</div>

<div>c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe</div>

<div>c:\windows\system32\wscntfy.exe</div>

<div>c:\program files\ATI Technologies\ATI.ACE\CLI.EXE</div>

<div>c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe</div>

<div>c:\windows\RTHDCPL.EXE</div>

<div>c:\windows\system32\msiexec.exe</div>

<div>c:\program files\ATI Technologies\ATI.ACE\cli.exe</div>

<div>c:\program files\WinTV\WinTV7\WinTV7.exe</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>Completion time: 2012-04-12  14:23:49 - machine was rebooted</div>

<div>ComboFix-quarantined-files.txt  2012-04-12 21:23</div>

<div>ComboFix2.txt  2012-04-11 15:19</div>

<div>.</div>

<div>Pre-Run: 110,998,507,520 bytes free</div>

<div>Post-Run: 112,248,832,000 bytes free</div>

<div>.</div>

<div>WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe</div>

<div>[boot loader]</div>

<div>timeout=2</div>

<div>default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS</div>

<div>[operating systems]</div>

<div>c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons</div>

<div>UnsupportedDebug="do not select this" /debug</div>

<div>multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect</div>

<div>.</div>

<div>- - End Of File - - 80BA558109A6684FF90BA0BDF1201363</div>

<div> </div>

Share this post


Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Share this post


Link to post
Share on other sites

<p>Looks like you solved the problem.  Huge Thanks!</p>

<p> </p>

<p> </p>

<div>Malwarebytes Anti-Malware 1.61.0.1400</div>

<div>www.malwarebytes.org</div>

<div> </div>

<div>Database version: v2012.04.13.04</div>

<div> </div>

<div>Windows XP Service Pack 3 x86 NTFS</div>

<div>Internet Explorer 8.0.6001.18702</div>

<div>Doug :: DOUG-7C388E4B75 [administrator]</div>

<div> </div>

<div>4/13/2012 7:33:25 AM</div>

<div>mbam-log-2012-04-13 (07-33-25).txt</div>

<div> </div>

<div>Scan type: Quick scan</div>

<div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div>

<div>Scan options disabled: P2P</div>

<div>Objects scanned: 196748</div>

<div>Time elapsed: 6 minute(s), 31 second(s)</div>

<div> </div>

<div>Memory Processes Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Memory Modules Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Keys Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Values Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Data Items Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Folders Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Files Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>(end)</div>

Share this post


Link to post
Share on other sites

Glad I could help! :)

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Antivirus software is very important. Very strongly recommend you immediately install an antivirus program. This is the most important prevention.

Safe surfing! :)

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.