laptop infected- can't get rid of pop ups [Closed]


  • This topic is locked

#1
treynolds

I let a friend use my laptop, and since I got it back, every time I go online I have a ton of pop-ups and windows that open. I've tried doing a spyware scan and deleting some stuff, but it hasn't helped. Can you please look at my log? Thanks.

OTL logfile created on: 12/19/2010 3:26:50 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\tracey and jim\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 241.19 Gb Free Space | 84.34% Space Free | Partition Type: NTFS

Computer Name: TRACEYANDJIM-PC | User Name: tracey and jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/19 15:26:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\tracey and jim\Desktop\OTL.exe
PRC - [2010/09/20 05:13:50 | 001,579,968 | ---- | M] (Discordia Limited) -- C:\Program Files (x86)\Bandoo\BndCore.exe
PRC - [2010/09/20 05:13:48 | 001,940,928 | ---- | M] (Discordia Limited) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2010/01/26 16:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/11 14:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/05 23:19:27 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/10 05:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 01:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/03 21:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/17 17:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/02/23 05:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2010/12/19 15:26:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\tracey and jim\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 04:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/09/20 05:13:48 | 001,940,928 | ---- | M] (Discordia Limited) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/02/25 16:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/10/09 16:59:22 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/10/09 16:58:46 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2009/09/10 05:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/17 17:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2009/06/17 17:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 10:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/24 14:48:16 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 20:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/28 21:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 19:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 18:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 18:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 16:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/10/14 19:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/10/09 16:44:10 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2009/10/01 21:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/09/08 07:49:30 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2009/08/21 01:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/09 19:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 14:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/26 23:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/18 04:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 15:02:20 | 000,198,528 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2009/05/04 05:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/31 13:50:38 | 000,227,840 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/01/14 13:20:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2007/08/23 06:29:48 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/08/23 06:29:48 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/08/23 06:29:48 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007/08/23 06:29:48 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/12/16 16:45:05 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101219.003\EX64.SYS -- (NAVEX15)
DRV - [2010/12/16 16:45:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101219.003\ENG64.SYS -- (NAVENG)
DRV - [2010/12/01 01:03:34 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101215.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/11/03 16:07:05 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/08/11 01:42:27 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 20:13:56 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/03/25 19:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z1j5t4912y321
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...14z1j5t4912y321
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z1j5t4912y321
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...14z1j5t4912y321

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z1j5t4912y321
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files (x86)\MTWBSA\mtwb3sh.dll (MTWB)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/26 17:55:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/05/24 14:48:41 | 000,000,000 | ---D | M]

[2010/08/26 16:24:10 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Mozilla\Extensions
[2010/08/26 16:24:10 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/05/09 03:10:22 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files (x86)\MTWBSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {D7293762-9884-48E2-B836-E0195B9D91D0} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {D7293762-9884-48E2-B836-E0195B9D91D0} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FBSSA] C:\Program Files\MTWBSA\ie3sh.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.14.141.218 204.14.138.10
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8b837ed-39a9-11df-84be-002622e3964a}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b837ed-39a9-11df-84be-002622e3964a}\Shell\AutoRun\command - "" = E:\WIN\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/19 15:25:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\tracey and jim\Desktop\OTL.exe
[2010/12/15 14:04:19 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/15 14:04:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/15 14:04:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/15 14:04:10 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/15 14:04:10 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/12/15 14:04:10 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/15 14:04:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/15 14:04:10 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/15 14:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/15 14:04:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/15 14:04:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/15 14:04:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/15 14:04:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/15 14:04:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/15 14:04:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/14 22:47:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/14 22:47:39 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/14 22:47:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/14 22:47:39 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/14 22:47:39 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/14 22:47:39 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/14 22:47:39 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/14 22:47:39 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/14 22:47:16 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/14 22:47:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/14 22:47:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/14 22:47:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/14 22:47:12 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/14 22:47:12 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/14 13:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\oNdEl06309
[2010/12/10 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Roaming\Digsby
[2010/12/10 23:03:41 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Local\Digsby
[2010/12/10 23:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
[2010/12/10 22:59:33 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Local\WeatherBug
[2010/12/10 22:59:23 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Roaming\WeatherBug
[2010/12/10 22:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2010/12/10 22:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2010/12/04 07:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Club Player Casino
[2010/11/27 16:00:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/11/27 16:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/11/27 15:56:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/11/22 22:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wild Vegas
[2010/11/22 22:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Highnoon Casino
[2010/11/22 19:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\QueryExplorer
[2010/11/22 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QueryExplorer
[1 C:\Users\tracey and jim\AppData\Local\*.tmp files -> C:\Users\tracey and jim\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/19 15:26:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\tracey and jim\Desktop\OTL.exe
[2010/12/19 14:40:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/19 14:40:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/19 14:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/19 14:33:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/19 14:32:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/19 14:32:24 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/16 16:34:17 | 000,431,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/14 01:20:58 | 000,205,364 | ---- | M] () -- C:\Users\tracey and jim\Desktop\IMG_5249.jpg
[2010/12/14 01:20:40 | 000,237,795 | ---- | M] () -- C:\Users\tracey and jim\Desktop\IMG_6807.jpg
[2010/12/04 14:16:02 | 000,004,096 | -H-- | M] () -- C:\Users\tracey and jim\AppData\Local\keyfile3.drm
[2010/11/28 16:11:11 | 000,027,648 | ---- | M] () -- C:\Users\tracey and jim\Desktop\My Fair Lady.doc
[2010/11/28 15:53:10 | 000,025,600 | ---- | M] () -- C:\Users\tracey and jim\Desktop\Essay.doc
[2010/11/28 15:33:10 | 000,027,648 | ---- | M] () -- C:\Users\tracey and jim\Desktop\Section 3.doc
[1 C:\Users\tracey and jim\AppData\Local\*.tmp files -> C:\Users\tracey and jim\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/14 01:20:57 | 000,205,364 | ---- | C] () -- C:\Users\tracey and jim\Desktop\IMG_5249.jpg
[2010/12/14 01:20:38 | 000,237,795 | ---- | C] () -- C:\Users\tracey and jim\Desktop\IMG_6807.jpg
[2010/12/04 14:16:02 | 000,004,096 | -H-- | C] () -- C:\Users\tracey and jim\AppData\Local\keyfile3.drm
[2010/11/28 15:53:10 | 000,025,600 | ---- | C] () -- C:\Users\tracey and jim\Desktop\Essay.doc
[2010/11/28 15:33:09 | 000,027,648 | ---- | C] () -- C:\Users\tracey and jim\Desktop\Section 3.doc
[2010/11/27 16:17:56 | 000,027,648 | ---- | C] () -- C:\Users\tracey and jim\Desktop\My Fair Lady.doc
[2010/11/14 01:44:42 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/14 01:44:42 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/04 19:18:51 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2010/10/04 19:18:51 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2010/09/25 23:53:39 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/09/25 23:53:39 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/08/21 17:31:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/21 02:03:56 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/08/21 01:52:54 | 000,000,029 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2010/08/08 21:57:40 | 000,000,126 | ---- | C] () -- C:\Users\tracey and jim\AppData\Roaming\wklnhst.dat
[2010/07/13 01:57:28 | 000,000,017 | ---- | C] () -- C:\Users\tracey and jim\AppData\Local\resmon.resmoncfg
[2010/06/03 23:50:34 | 000,000,128 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010/03/28 08:41:48 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/12 09:54:34 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/12/12 09:54:33 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:4BB26BE9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DE73B0FE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:703CE963

< End of report >

#2
Essexboy
    GeekU Moderator
Once these two programmes have run, could you let me know if the problem persists?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files (x86)\MTWBSA\mtwb3sh.dll (MTWB)
    O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files (x86)\MTWBSA\BHO.dll (MTWB)
    O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Fast Browser Search) - {D7293762-9884-48E2-B836-E0195B9D91D0} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search) - {D7293762-9884-48E2-B836-E0195B9D91D0} - C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll ()
    O4 - HKLM..\Run: [FBSSA] C:\Program Files\MTWBSA\ie3sh.exe File not found
    O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
    [2010/12/14 13:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\oNdEl06309


    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\MTWBSA
    C:\Program Files (x86)\Fast Browser Search

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
treynolds
OK, I did what you told me to. I just completed it so I haven't been on it too much since then - so far I haven't gotten as many pop ups as I was - there's been two that have come up though - one that comes up a lot - when the window pops up it says something like ililti or something in the address bar. Every time I see it and go to write it down though it changes to an ad and doesn't say it anymore. Here are my new logs. Thank you for your help.



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}\ deleted successfully.
C:\Program Files (x86)\MTWBSA\mtwb3sh.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
C:\Program Files (x86)\MTWBSA\BHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ not found.
File C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7293762-9884-48E2-B836-E0195B9D91D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7293762-9884-48E2-B836-E0195B9D91D0}\ not found.
File C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7293762-9884-48E2-B836-E0195B9D91D0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7293762-9884-48E2-B836-E0195B9D91D0}\ not found.
File C:\Program Files (x86)\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSSA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bandoo\bndhook.dll deleted successfully.
c:\Program Files (x86)\Bandoo\BndHook.dll moved successfully.
Folder C:\ProgramData\oNdEl06309\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\tracey and jim\Desktop\cmd.bat deleted successfully.
C:\Users\tracey and jim\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\MTWBSA folder moved successfully.
C:\Program Files (x86)\Fast Browser Search folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: tracey and jim
->Temp folder emptied: 945881 bytes
->Temporary Internet Files folder emptied: 246825217 bytes
->Java cache emptied: 329488557 bytes
->Google Chrome cache emptied: 10023740 bytes
->Flash cache emptied: 2899630 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83391 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 563.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.17.3 log created on 06262012_173317

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tracey and jim :: TRACEYANDJIM-PC [administrator]

6/26/2012 10:09:49 PM
mbam-log-2012-06-26 (22-09-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220947
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

Files Detected: 6
C:\Users\tracey and jim\AppData\Roaming\Adobe\plugs\mmc160353084.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\tracey and jim\Desktop\BflixInstaller.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\tracey and jim\Desktop\setup.exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}\U\[email protected] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\tracey and jim\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tracey and jim\AppData\Roaming\Adobe\plugs\mmc160378855.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

#4
Essexboy
Malwarebytes revealed something that was not showing in the original OTL; I will need to use a stronger tool to clear that.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.

#5
treynolds
After doing what you told me it's running a lot better - I haven't had any pop ups so far. Here is my log... and thank you for all your help.




ComboFix 12-06-27.01 - tracey and jim 06/27/2012 14:02:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1728 [GMT -7:00]
Running from: c:\users\tracey and jim\Documents\LimeWire\Saved\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\minus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\newsitem.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lichen.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\mail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\modify-save.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music_png
c:\program files (x86)\bflixtoolbar\chrome\skin\Myspace_png
c:\program files (x86)\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\bflixtoolbar\chrome\skin\news.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\pixsy.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\bflixtoolbar\chrome\skin\protect-id.png
c:\program files (x86)\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rssback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\shopping.png
c:\program files (x86)\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\technorati.png
c:\program files (x86)\bflixtoolbar\chrome\skin\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\translate.png
c:\program files (x86)\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\tv_png
c:\program files (x86)\bflixtoolbar\chrome\skin\twitter_png
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.css
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Weather_png
c:\program files (x86)\bflixtoolbar\chrome\skin\web.png
c:\program files (x86)\bflixtoolbar\chrome\skin\websearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yellow.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\youtube.png
c:\program files (x86)\bflixtoolbar\chrome\skin\zoom.png
c:\program files (x86)\bflixtoolbar\components\windowmediator.js
c:\program files (x86)\bflixtoolbar\install.ico
c:\program files (x86)\bflixtoolbar\manifest.xml
c:\program files (x86)\bflixtoolbar\partner.xml
c:\program files (x86)\bflixtoolbar\uninstall.exe
c:\program files (x86)\bflixtoolbar\vmntemplate.dll
c:\program files (x86)\bflixtoolbar\vmNTemplatex.dll
c:\program files (x86)\EpicPlay\epICplaygames.dll
c:\users\tracey and jim\AppData\Local\{10143937-3810-bd58-52b8-bebc96de7bf9}
c:\users\tracey and jim\AppData\Local\{10143937-3810-bd58-52b8-bebc96de7bf9}\@
c:\users\tracey and jim\AppData\Local\{10143937-3810-bd58-52b8-bebc96de7bf9}\n
c:\users\tracey and jim\AppData\Local\e88967e3
c:\users\tracey and jim\AppData\Local\e88967e3\@
c:\users\tracey and jim\AppData\Local\e88967e3\U\[email protected]
c:\users\tracey and jim\AppData\Local\e88967e3\X
c:\users\tracey and jim\AppData\Roaming\Adobe\plugs
c:\users\tracey and jim\AppData\Roaming\Adobe\shed
c:\windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}
c:\windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}\@
c:\windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}\n
c:\windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}\U\[email protected]
c:\windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}\U\[email protected]
c:\windows\Installer\{10143937-3810-bd58-52b8-bebc96de7bf9}\U\[email protected]
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 21:12 . 2012-06-27 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 05:06 . 2012-06-27 05:06 -------- d-----w- c:\users\tracey and jim\AppData\Roaming\Malwarebytes
2012-06-27 05:06 . 2012-06-27 05:06 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 05:06 . 2012-06-27 05:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-27 05:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 00:33 . 2012-06-27 00:33 -------- d-----w- C:\_OTL
2012-06-08 07:27 . 2012-06-08 07:27 766976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2012-06-08 07:26 . 2012-06-08 07:26 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{035FDC10-9F1D-430E-87DA-573FFBF5608D}]
2012-05-23 14:27 510296 ----a-w- c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2011-11-23 10:24 116224 ----a-w- c:\program files (x86)\DelorTech, Ltd\dfp 1.0\FBDownloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-02-08 17:22 721840 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-01-18 13:05 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll" [2011-01-18 87480]
"{035FDC10-9F1D-430E-87DA-573FFBF5608D}"= "c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll" [2012-05-23 510296]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CLASSES_ROOT\clsid\{035fdc10-9f1d-430e-87da-573ffbf5608d}]
[HKEY_CLASSES_ROOT\YNanoClient.IE.1]
[HKEY_CLASSES_ROOT\TypeLib\{B5590E3C-C53C-4464-99BA-8AEF95C750ED}]
[HKEY_CLASSES_ROOT\YNanoClient.IE]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2009-10-10 883272]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-11-30 1120032]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-10 121416]
R3 BthMtpEnum;Bluetooth MTP Device Enumerator;c:\windows\system32\DRIVERS\BthMtpEnum.sys [2009-07-14 64512]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-10 125512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2009-10-10 43032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-03-31 227840]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-05-04 198528]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1255736]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 X5XSEx;X5XSEx;c:\program files (x86)\Free Ride Games\X5XSEx.Sys [2010-03-11 55328]
S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-05-23 157016]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2009-11-30 319016]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 39464]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 22:08]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 2114376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=273603107045l0314z1j5t4912y321
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BetPhoenix - c:\program files (x86)\BetPhoenix\Install.exe
AddRemove-bflixtoolbar - c:\program files (x86)\bflixtoolbar\uninstall.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\Bandoo\Bandoo.exe
c:\program files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-06-27 14:22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 21:22
.
Pre-Run: 238,872,174,592 bytes free
Post-Run: 238,482,784,256 bytes free
.
- - End Of File - - C5C29E788B5AE853F332997D7D260A50

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have just noticed the reason why it did not show in OTL. You are using a very old version. Could you delete the current copy that you have and download a fresh one for a final scan for orphans?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#7
treynolds

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, I did everything you told me to, but when it finished scanning only one log came up. Should I do it again? Here it is....

OTL logfile created on: 6/27/2012 8:00:54 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\tracey and jim\Documents\LimeWire\Saved\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 53.78% Memory free
5.49 Gb Paging File | 4.08 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 221.75 Gb Free Space | 77.54% Space Free | Partition Type: NTFS

Computer Name: TRACEYANDJIM-PC | User Name: tracey and jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 19:51:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\tracey and jim\My Documents\LimeWire\Saved\Downloads\OTL (1).exe
PRC - [2012/05/23 07:27:08 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
PRC - [2011/02/08 10:21:52 | 001,114,040 | ---- | M] (MusicLab, LLC) -- C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010/09/20 06:13:48 | 001,940,928 | ---- | M] (Discordia Limited) -- C:\Program Files (x86)\Bandoo\Bandoo.exe
PRC - [2010/07/18 12:54:40 | 001,774,080 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files (x86)\Free Ride Games\GPlayer.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/30 16:55:48 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/09/10 06:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/10 06:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 02:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/03 22:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/02/23 06:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/19 15:37:54 | 001,454,080 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Assist\AcerAssist.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 10:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/11/30 16:55:46 | 000,919,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 05:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/05/23 07:27:08 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)
SRV - [2010/09/30 14:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/09/20 06:13:48 | 001,940,928 | ---- | M] (Discordia Limited) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/09 17:59:22 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/10/09 17:58:46 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2009/09/10 06:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/30 14:37:30 | 000,319,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2009/11/24 20:06:40 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/24 20:06:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/24 20:06:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/17 19:45:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/10/09 17:44:10 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2009/10/01 22:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/09/08 08:49:30 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2009/09/08 08:49:30 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2009/08/21 02:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/09 20:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 15:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 00:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:35 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthMtpEnum.sys -- (BthMtpEnum)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/06/18 05:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 16:02:20 | 000,198,528 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV:64bit: - [2009/05/04 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 07:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/31 14:50:38 | 000,227,840 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV:64bit: - [2009/01/14 14:20:03 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2007/08/23 07:29:48 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/08/23 07:29:48 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2007/08/23 07:29:48 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007/08/23 07:29:48 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/03/10 22:02:46 | 000,055,328 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 20:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...14z1j5t4912y321
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...14z1j5t4912y321
IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3150609


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes,DefaultScope = {56B61AE7-2967-40E5-8439-6DA7C30CE250}
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{1754A37E-9E06-4757-A7A5-ABCB3B161EA1}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{56B61AE7-2967-40E5-8439-6DA7C30CE250}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS370US370
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3150609
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://search.yahoo....0110103,0,0,0,0
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{EB3D408E-2C67-49F2-8724-DE7A767B9684}: "URL" = http://delicious.com...p={searchTerms}
IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SDIV 2.0\Lib\xpi [2012/01/26 02:13:38 | 000,000,000 | ---D | M]

[2011/12/04 11:09:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tracey and jim\AppData\Roaming\Mozilla\Extensions
[2010/08/26 17:24:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tracey and jim\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/05/09 04:10:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tracey and jim\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\tracey and jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Poppit = C:\Users\tracey and jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: EpicPlay = C:\Users\tracey and jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\
CHR - Extension: FBDownloader = C:\Users\tracey and jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pollkeobaahnbmpcgombjfibedabcddd\1.0.3_0\

O1 HOSTS File: ([2012/06/27 14:14:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O2 - BHO: (FBDownloader BHO) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Program Files (x86)\DelorTech, Ltd\dfp 1.0\FBDownloader.dll (DelorTech, Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoClient_IE.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3086282751-2188819392-745194412-1000..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3086282751-2188819392-745194412-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD15835-3E16-4CC7-A2FA-A7F779D2715A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9D144B7-8436-4BEE-9240-91D1AAB1ED65}: NameServer = 172.18.7.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD0A86E8-0D54-45A6-B208-5C69BB0864A4}: DhcpNameServer = 209.183.54.151 209.183.54.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B913B1FA-EC18-4F74-847D-380576156694}: DhcpNameServer = 206.13.28.12 206.13.31.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - c:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - c:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 19:50:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/27 14:22:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/27 14:15:22 | 000,000,000 | R--D | C] -- C:\Users\tracey and jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/06/27 13:59:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/27 13:59:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/27 13:59:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/27 13:42:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/27 13:42:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/27 02:47:38 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/06/26 22:06:09 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Roaming\Malwarebytes
[2012/06/26 22:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/26 22:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/26 22:06:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/26 22:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/26 17:33:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/08 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Local\NanoService
[2012/06/08 00:28:55 | 000,000,000 | ---D | C] -- C:\Users\tracey and jim\AppData\Local\Yahoo!
[1 C:\Users\tracey and jim\AppData\Local\*.tmp files -> C:\Users\tracey and jim\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 19:22:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 14:22:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 14:22:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 14:14:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 14:14:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 14:14:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 14:14:04 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 22:06:04 | 000,001,137 | ---- | M] () -- C:\Users\tracey and jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/26 22:06:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 13:57:01 | 000,011,317 | ---- | M] () -- C:\Users\tracey and jim\Desktop\401883_10151051125228278_931206625_n.jpg
[2012/06/11 21:42:58 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/09 14:23:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/09 14:23:16 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/09 14:23:16 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 16:22:50 | 436,687,423 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/08 00:37:26 | 000,001,441 | ---- | M] () -- C:\Users\tracey and jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/08 00:28:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/08 00:27:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[1 C:\Users\tracey and jim\AppData\Local\*.tmp files -> C:\Users\tracey and jim\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 13:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/27 13:59:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/27 13:59:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/27 13:59:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/27 13:59:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/26 22:06:04 | 000,001,137 | ---- | C] () -- C:\Users\tracey and jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/26 22:06:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 13:57:14 | 000,011,317 | ---- | C] () -- C:\Users\tracey and jim\Desktop\401883_10151051125228278_931206625_n.jpg
[2012/06/08 00:28:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/08 00:27:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/14 04:47:18 | 000,001,105 | ---- | C] () -- C:\Users\tracey and jim\Music - Shortcut.lnk
[2011/11/19 00:14:04 | 000,000,044 | ---- | C] () -- C:\Windows\EPM2005.ini
[2011/10/19 11:59:46 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/06/04 16:33:25 | 000,010,752 | ---- | C] () -- C:\Users\tracey and jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 02:22:56 | 000,000,218 | -H-- | C] () -- C:\Users\tracey and jim\.recently-used.xbel
[2011/05/14 04:05:24 | 000,000,000 | -H-- | C] () -- C:\Users\tracey and jim\AppData\Local\{43162497-1C64-4194-89C3-B0BEF0729D76}
[2011/05/12 12:19:04 | 000,001,940 | ---- | C] () -- C:\Users\tracey and jim\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/09 10:49:36 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/12/04 15:16:02 | 000,004,096 | -H-- | C] () -- C:\Users\tracey and jim\AppData\Local\keyfile3.drm
[2010/11/14 02:44:42 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/14 02:44:42 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/04 20:18:51 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2010/10/04 20:18:51 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2010/09/26 00:53:39 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010/09/26 00:53:39 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010/08/21 18:31:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/21 03:03:56 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/08/21 02:52:54 | 000,000,029 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2010/08/08 22:57:40 | 000,000,230 | -H-- | C] () -- C:\Users\tracey and jim\AppData\Roaming\wklnhst.dat
[2010/07/13 02:57:28 | 000,000,017 | -H-- | C] () -- C:\Users\tracey and jim\AppData\Local\resmon.resmoncfg

========== LOP Check ==========

[2010/03/13 13:50:58 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Acer
[2011/10/25 00:35:02 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Bandoo
[2010/06/04 19:21:15 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Canon
[2011/01/09 13:22:37 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Exent Technologies
[2011/03/16 02:42:22 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\FinalTorrent
[2011/10/25 00:32:39 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\funkitron
[2011/02/03 01:28:36 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Gold Casual Games
[2011/10/25 00:32:39 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\gtk-2.0
[2010/12/11 00:25:00 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\IMVU
[2011/10/25 00:32:40 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\IMVUClient
[2012/03/08 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Innova
[2010/03/13 13:50:57 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Leadertech
[2011/06/04 16:32:00 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\MusicNet
[2011/01/12 02:34:45 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\MysteryStudio
[2011/10/25 00:27:53 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Participatory Culture Foundation
[2011/10/25 00:32:42 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\PCF-VLC
[2010/03/19 14:26:21 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\PlayFirst
[2010/03/27 07:09:09 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Sierra Wireless
[2010/08/18 17:03:46 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Template
[2010/08/10 17:35:44 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\Tific
[2011/10/25 00:32:42 | 000,000,000 | ---D | M] -- C:\Users\tracey and jim\AppData\Roaming\Vivox
[2010/12/10 23:59:23 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\WeatherBug
[2010/03/13 13:52:47 | 000,000,000 | -H-D | M] -- C:\Users\tracey and jim\AppData\Roaming\WildTangent
[2012/02/11 02:15:00 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:4BB26BE9
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DE73B0FE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:703CE963

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, there will only be one log after the first run.

How is the computer behaving now?

#9
treynolds

    New Member

  • Topic Starter
  • Member
  • 6 posts
It's running better. All the pop-ups I was getting have stopped, except there's one that keeps coming up every time I want to go to a different page on the internet or click on a link. In the address bar it always says srv-ad before it changes to a different ad. Thank you again for helping me.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you check Google after this and let me know if it now behaves?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{5d7e2ae3-de3b-4de0-8f15-014e8ecaf4ee}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3150609
    IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKU\S-1-5-21-3086282751-2188819392-745194412-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3150609
    O2:64bit: - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll (MusicLab, LLC)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (c:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - c:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (c:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - c:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    [2011/10/19 11:59:46 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.