Trojan PoP up Ads browser [Closed]


  • This topic is locked

#1
MM44

  • Member
  • 23 posts
Hello, I have a trojan virus. Whenever I open my web browser, another one opens on its own with pop-up ads. I tried cleaning it with anti-spyware and Malwarebytes. I tried putting my OTL scan but it won't allow me to. It says Internet Explorer cannot display the page. I would appreciate any help. Thank you.

Attached Files

  • Attached File  OTL.Txt   159.17KB   72 downloads


#2
myrti

  • Expert
  • 2,580 posts
Hi,

Sorry for the late reply. Do you still need help?

If so, please post a log from GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#3
MM44

  • Topic Starter
  • Member
  • 23 posts
Thank you for replying. Yes, I still need help. I will do what you said to do now. My computer is so slow.

#4
myrti

  • Expert
  • 2,580 posts
Hi,

Let me know if you run into any problems with creating the logs at hand.

regards myrti

#5
MM44

  • Topic Starter
  • Member
  • 23 posts
I'm having trouble sending you my gmer.log. It says the post is too long, go back and shorten it a little. Also, it's super hard getting on geekstogo; the thing keeps saying a script on this page is causing Internet Explorer to run slowly. I also tried sending you the file in the attachments. No luck. Thank you so much for helping me.

#6
myrti

  • Expert
  • 2,580 posts
Hi,

Please try to zip the file and attach it then.

regards myrti

#7
MM44

  • Topic Starter
  • Member
  • 23 posts
I think I did it. I'm not sure.

Attached Files

  • Attached File  gmer.zip   68.06KB   96 downloads


#8
myrti

  • Expert
  • 2,580 posts
Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to clean, please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon. Check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingc...to-use-combofix

#9
MM44

  • Topic Starter
  • Member
  • 23 posts
I'm having so much trouble downloading ComboFix. My McAfee keeps saying it's a trojan and blocks it. I took my McAfee off the firewall. I don't know what to do.

#10
myrti

  • Expert
  • 2,580 posts
Hi,

Can you try downloading it in Safe Mode with network support?

regards myrti

#11
MM44

  • Topic Starter
  • Member
  • 23 posts
ComboFix 12-01-05.01 - mubarak 01/05/2012 9:39.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.523 [GMT -6:00]
Running from: c:\documents and settings\mubarak\My Documents\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files\bflixtoolbar\chrome\skin\lichen.gif
c:\program files\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files\bflixtoolbar\chrome\skin\logo-about.png
c:\program files\bflixtoolbar\chrome\skin\logo-over.png
c:\program files\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files\bflixtoolbar\chrome\skin\logo.png
c:\program files\bflixtoolbar\chrome\skin\mail.png
c:\program files\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files\bflixtoolbar\chrome\skin\modify-save.png
c:\program files\bflixtoolbar\chrome\skin\modify.png
c:\program files\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files\bflixtoolbar\chrome\skin\music.png
c:\program files\bflixtoolbar\chrome\skin\music_png
c:\program files\bflixtoolbar\chrome\skin\Myspace_png
c:\program files\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files\bflixtoolbar\chrome\skin\news.png
c:\program files\bflixtoolbar\chrome\skin\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options-search.png
c:\program files\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files\bflixtoolbar\chrome\skin\orange.gif
c:\program files\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files\bflixtoolbar\chrome\skin\pixsy.png
c:\program files\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files\bflixtoolbar\chrome\skin\protect-id.png
c:\program files\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files\bflixtoolbar\chrome\skin\rss-found.png
c:\program files\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files\bflixtoolbar\chrome\skin\rss.png
c:\program files\bflixtoolbar\chrome\skin\rssback.gif
c:\program files\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files\bflixtoolbar\chrome\skin\search-over.png
c:\program files\bflixtoolbar\chrome\skin\search.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\bflixtoolbar\chrome\skin\settings.png
c:\program files\bflixtoolbar\chrome\skin\shopping.png
c:\program files\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files\bflixtoolbar\chrome\skin\skin.xml
c:\program files\bflixtoolbar\chrome\skin\technorati.png
c:\program files\bflixtoolbar\chrome\skin\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files\bflixtoolbar\chrome\skin\translate.png
c:\program files\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files\bflixtoolbar\chrome\skin\tv_png
c:\program files\bflixtoolbar\chrome\skin\twitter_png
c:\program files\bflixtoolbar\chrome\skin\vmn.css
c:\program files\bflixtoolbar\chrome\skin\vmn.png
c:\program files\bflixtoolbar\chrome\skin\Weather_png
c:\program files\bflixtoolbar\chrome\skin\web.png
c:\program files\bflixtoolbar\chrome\skin\websearch.png
c:\program files\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files\bflixtoolbar\chrome\skin\yellow.gif
c:\program files\bflixtoolbar\chrome\skin\youtube.png
c:\program files\bflixtoolbar\chrome\skin\zoom.png
c:\program files\bflixtoolbar\components\windowmediator.js
c:\program files\bflixtoolbar\install.ico
c:\program files\bflixtoolbar\manifest.xml
c:\program files\bflixtoolbar\partner.xml
c:\program files\bflixtoolbar\uninstall.exe
c:\program files\bflixtoolbar\vmntemplate.dll
c:\program files\bflixtoolbar\vmNTemplatex.dll
c:\windows\$NtUninstallKB56053$
c:\windows\$NtUninstallKB56053$\1534844100
c:\windows\$NtUninstallKB56053$\4183434159\@
c:\windows\$NtUninstallKB56053$\4183434159\bckfg.tmp
c:\windows\$NtUninstallKB56053$\4183434159\cfg.ini
c:\windows\$NtUninstallKB56053$\4183434159\Desktop.ini
c:\windows\$NtUninstallKB56053$\4183434159\keywords
c:\windows\$NtUninstallKB56053$\4183434159\kwrd.dll
c:\windows\$NtUninstallKB56053$\4183434159\L\pdmzmplg
c:\windows\$NtUninstallKB56053$\4183434159\lsflt7.ver
c:\windows\$NtUninstallKB56053$\4183434159\U\00000001.@
c:\windows\$NtUninstallKB56053$\4183434159\U\00000002.@
c:\windows\$NtUninstallKB56053$\4183434159\U\00000004.@
c:\windows\$NtUninstallKB56053$\4183434159\U\80000000.@
c:\windows\$NtUninstallKB56053$\4183434159\U\80000004.@
c:\windows\$NtUninstallKB56053$\4183434159\U\80000032.@
c:\windows\kb913800.exe
c:\windows\system32\logs< BR>c:\windows\system32\logs\Settings.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 15:12 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-05 15:12 . 2012-01-05 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-31 05:10 . 2011-12-31 05:10 -------- d-----w- c:\documents and settings\mubarak\Local Settings\Application Data\Premiumplay Codec-C
2011-12-31 05:10 . 2011-12-31 05:10 -------- d-----w- c:\program files\Premiumplay Codec-C
2011-12-31 05:08 . 2011-12-31 05:08 -------- d-----w- C:\codec-info
2011-12-31 05:08 . 2011-12-31 05:08 -------- d-----w- c:\documents and settings\mubarak\Application Data\vmntemplate
2011-12-31 05:07 . 2011-12-31 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2011-12-31 05:07 . 2011-12-31 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2011-12-28 02:51 . 2011-10-15 18:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-28 02:51 . 2011-10-15 18:16 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-12-28 02:51 . 2011-10-15 18:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-28 02:51 . 2011-10-15 18:16 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-12-28 02:51 . 2011-10-15 18:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-28 02:51 . 2011-10-15 18:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-28 02:51 . 2011-10-15 18:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-28 02:51 . 2011-10-15 18:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-28 02:51 . 2011-12-28 02:52 -------- d-----w- c:\program files\Common Files\Mcafee
2011-12-28 02:41 . 2011-11-18 22:36 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-22 06:26 . 2011-12-22 06:26 -------- d-----w- c:\documents and settings\mubarak\Application Data\DDMSettings
2011-12-14 01:16 . 2011-10-28 05:31 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-09 04:21 . 2011-12-09 04:21 -------- d-----w- c:\program files\WinPcap
2011-12-08 03:57 . 2011-12-08 03:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 04:26 . 2011-07-03 02:09 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2005-08-16 10:18 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-08-16 10:18 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-25 13:37 . 2005-08-16 10:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 04:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 23:26 . 2011-10-20 23:26 94208 -c--a-w- c:\windows\system32\dpl100.dll
2011-10-15 18:16 . 2011-10-15 18:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 18:16 . 2011-10-15 18:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-14 23:38 . 2005-08-16 10:18 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 05:21 . 2010-07-10 15:52 87608 ----a-w- c:\documents and settings\mubarak\Application Data\inst.exe
2011-10-08 05:21 . 2010-07-10 15:52 47360 ----a-w- c:\documents and settings\mubarak\Application Data\pcouffin.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]
2011-12-14 20:03 463872 ----a-w- c:\program files\Premiumplay Codec-C\Premiumplay Codec-C.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"InstantBurn"="c:\progra~1\NOVADE~1\MEDIAN~1\INSTAN~1\Win2K\IBurn.exe" [2006-08-31 733184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKAIO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-09-02 2717696]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
.
c:\documents and settings\mubarak\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-10-20 3207072]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-16 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mubarak^Start Menu^Programs^Startup^Seagate Product Registration.lnk]
path=c:\documents and settings\mubarak\Start Menu\Programs\Startup\Seagate Product Registration.lnk
backup=c:\windows\pss\Seagate Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-01-24 18:35 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2009-11-05 00:29 236816 ----a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-11-15 14:05 1121016 ----a-w- c:\program files\Roxio\Drag-to-Disc\drgtodsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 18:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\1\\VsoDownloader.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [7/15/2008 9:56 PM 10368]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/27/2011 8:51 PM 89792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 6:02 PM 116608]
R2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [11/18/2008 8:01 AM 182272]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [10/20/2010 3:23 PM 821664]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [9/5/2011 4:00 PM 393648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 8:51 PM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 8:51 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [12/27/2011 8:51 PM 214904]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 12:35 PM 25824]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [12/27/2011 8:52 PM 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [12/27/2011 8:41 PM 150856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 6:45 PM 35088]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 10:42 AM 14088]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [9/14/2010 5:46 AM 508264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/8/2008 9:14 AM 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/27/2011 8:51 PM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/27/2011 8:51 PM 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 8:51 PM 83856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 209640]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [9/14/2010 5:46 AM 219496]
S1 swenumm;swenumm;c:\windows\system32\drivers\swenumm.sys --> c:\windows\system32\drivers\swenumm.sys [?]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 9:27 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 9:27 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/27/2011 8:51 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [12/27/2011 8:51 PM 87656]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [12/9/2009 9:08 AM 23096]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/22/2008 5:38 PM 47360]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [5/20/2009 3:35 AM 1128944]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:27]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:27]
.
2012-01-05 c:\windows\Tasks\User_Feed_Synchronization-{D9816710-AAE6-460B-AEFF-C56161944280}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=14
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-bflixtoolbar - c:\program files\bflixtoolbar\uninstall.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 10:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\06\18\04 \0e?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
q:\140062.enu\Office14\ONENOTEM.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\program files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
.
**************************************************************************
.
Completion time: 2012-01-05 10:37:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 16:36
.
Pre-Run: 92,365,791,232 bytes free
Post-Run: 92,719,071,232 bytes free
.
- - End Of File - - 591F75A2838BBBB4A018AD0FA585CBBA
  • 0

#12
MM44

MM44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry I took so long. I did what you said, I put the computer in safe mode. I am having so much trouble going on geekstogo on my computer that's infected. It will say script running slow. So I copied the log and sent it to my email, opened it up on another computer (laptop) and pasted it on here. Thank you for your time.
  • 0

#13
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

and after running ComboFix things haven't improved?

regards myrti
  • 0

#14
MM44

MM44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I don't know why this site doesn't work on my computer, it's beyond slow. Did combofix the problem?
  • 0

#15
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

is it just geekstogo or all websites? Could you try a different browser and tell me if the issue remains the same?

Could you please also be a bit more detailed in your replies, I have a hard time figuring out what you mean.

regards myrti
  • 0





