
Google Redirect Problem



#1 mbr7600


Posted 23 July 2010 - 11:21 AM

After having done a Google search I get the search results, but when clicking on one of the found search links I am usually redirected to some bogus ad page. This doesn't happen every time or always, but usually. Sometimes you can click a link and not be redirected, then click on it again and then get redirected. There doesn't appear to be any pattern to when or how or where I'm redirected to, except that they are usually totally unrelated ad pages with more links to various sites supposedly relevant to whatever the bogus search page brought up.

I had a problem with GMER. I was able to download the file and run it, but not all of the options were available for checking. At least not all of those that were shown in your sample. The ones that were checked (the only ones available for checking) were: Services, Registry, Files, C:\ and ADS. Also, when the GMER scan window first appeared I got an error message saying something like "path:\specified file(s) could not be found".

After clicking okay on this error message the scan did start and run; however, the scan result said something to the effect of: no changes were detected. As a result no log file from GMER was generated. Not sure what that means or why the other options weren't available for checking off.

This is a relatively new computer running Windows 7 64-bit. Below are the results of the DDS scan and the "attach" file is attached. Anxiously awaiting your instructions/feedback/assistance. Very frustrating situation. Thank you in advance!


DDS (Ver_10-03-17.01) - NTFSX64
Run by rick at 8:45:58.06 on Fri 07/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2104 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Bin\DPAgent.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\PROGRA~2\mcafee\msc\mcupdmgr.exe
c:\PROGRA~2\mcafee\msc\mcupdui.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\rick\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: {02069ded-6324-4081-b86b-0b4a59b17ae1} - c:\windows\syswow64\colorui32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files (x86)\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - c:\program files (x86)\hewlett-packard\hp simplepass identity protection\EgisPBIE.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn1\yt.dll
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files (x86)\cyberpower powerpanel personal edition\pppeuser.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~2\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IAStorIcon] c:\program files (x86)\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [MSN Toolbar] "c:\program files (x86)\msn toolbar\platform\4.0.0369.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [EgisTecPMMUpdate] "c:\program files (x86)\egistec ips\PmmUpdate.exe"
mRun: [EgisUpdate] "c:\program files (x86)\egistec ips\EgisUpdate.exe" -d
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DpAgent] c:\program files (x86)\digitalpersona\bin\dpagent.exe
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RTHDBPL] c:\users\rick\appdata\roaming\systemproc\lsass.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter DPPWDFLT
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files (x86)\bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - c:\program files (x86)\hewlett-packard\hp simplepass identity protection\x64\EgisPBIE.dll
BHO-X64: EgisPBIE - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [AmIcoSinglun64] c:\program files (x86)\amicosinglun\AmIcoSinglun64.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun-x64: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun-x64: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\prnvim9k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - component: c:\program files (x86)\digitalpersona\bin\firefoxext\components\dpffcli.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\prnvim9k.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\msn toolbar\platform\4.0.0369.0\npwinext.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\rick\appdata\local\huludesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-7-6 55280]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 20056]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-15 308296]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]
R2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\quickweb\qw.sys\config\DVMExportService.exe [2010-3-31 338168]
R2 EgisTec Service;EgisTec Service;c:\program files (x86)\hewlett-packard\hp simplepass identity protection\EgisService.exe [2010-2-4 689008]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2009-12-16 102968]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-1-18 20480]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-23 13336]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-7-16 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-7-16 155456]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-5-23 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-23 2192176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-23 35104]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-26 158720]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-3-26 271872]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-7-16 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-15 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-15 49480]
S2 0156361279897525mcinstcleanup;McAfee Application Installer Cleanup (0156361279897525);c:\windows\temp\015636~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\015636~1.exe c:\progra~2\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-12 136176]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-8-17 40448]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-15 40904]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-5-23 346144]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-5 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-07-23 15:40:05 0 ----a-w- c:\users\rick\defogger_reenable
2010-07-23 00:30:32 0 d-----w- C:\kasfiles
2010-07-22 23:32:44 0 d-----w- c:\program files (x86)\Hitman Pro 3.5
2010-07-22 23:17:55 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-22 23:12:41 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-22 23:12:23 0 d-----w- c:\programdata\Hitman Pro
2010-07-22 23:12:22 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-22 20:30:29 339 ----a-w- c:\windows\wininit.ini
2010-07-22 20:05:14 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-22 20:05:14 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-07-22 19:26:27 0 d-----w- c:\programdata\Lavasoft
2010-07-21 19:44:34 0 ----a-w- c:\windows\PhotoNow.INI
2010-07-21 18:20:48 0 d-----w- c:\program files (x86)\FastStone Capture
2010-07-21 17:48:13 0 d-----w- c:\users\rick\appdata\roaming\FastStone
2010-07-21 17:48:02 0 d-----w- c:\program files (x86)\FastStone Image Viewer
2010-07-21 04:03:09 0 d-----w- c:\programdata\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
2010-07-21 03:44:01 65536 --sha-w- c:\users\rick\ntuser.dat{45a3f896-946d-11df-8101-002713cd87fc}.TM.blf
2010-07-21 03:44:01 524288 --sha-w- c:\users\rick\ntuser.dat{45a3f896-946d-11df-8101-002713cd87fc}.TMContainer00000000000000000002.regtrans-ms
2010-07-21 03:44:01 524288 --sha-w- c:\users\rick\ntuser.dat{45a3f896-946d-11df-8101-002713cd87fc}.TMContainer00000000000000000001.regtrans-ms
2010-07-20 16:54:26 0 d-----w- c:\users\rick\appdata\roaming\HP Support Assistant
2010-07-20 03:45:21 0 d-----w- c:\users\rick\appdata\roaming\AVS4YOU
2010-07-20 03:43:28 0 d-----w- c:\program files (x86)\common files\AVSMedia
2010-07-20 03:43:23 0 d-----w- c:\programdata\AVS4YOU
2010-07-20 03:43:23 0 d-----w- c:\program files (x86)\AVS4YOU
2010-07-18 11:33:56 65536 --sha-w- c:\users\rick\ntuser.dat{7fd60e67-925e-11df-9580-002713cd87fc}.TM.blf
2010-07-18 11:33:56 524288 --sha-w- c:\users\rick\ntuser.dat{7fd60e67-925e-11df-9580-002713cd87fc}.TMContainer00000000000000000002.regtrans-ms
2010-07-18 11:33:56 524288 --sha-w- c:\users\rick\ntuser.dat{7fd60e67-925e-11df-9580-002713cd87fc}.TMContainer00000000000000000001.regtrans-ms
2010-07-18 07:03:44 0 d-----w- c:\program files\iPod
2010-07-18 07:03:43 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-07-18 07:03:43 0 d-----w- c:\program files (x86)\iTunes
2010-07-18 07:02:40 0 d-----w- c:\programdata\Apple Computer
2010-07-17 22:30:06 332800 ----a-w- c:\windows\syswow64\colorui32.dll
2010-07-17 22:29:36 207360 ----a-w- c:\windows\syswow64\dfscli32.dllcuz2wlv32.dllide9gv32.dllniv51lya32.dllzuk2igfv32.dll
2010-07-17 22:29:06 207360 ----a-w- c:\windows\syswow64\dfscli32.dllcuz2wlv32.dllide9gv32.dllniv51lya32.dll
2010-07-17 22:28:58 0 d-sh--w- c:\users\rick\appdata\roaming\SystemProc
2010-07-17 22:28:35 207360 ----a-w- c:\windows\syswow64\dfscli32.dllcuz2wlv32.dllide9gv32.dll
2010-07-17 22:28:17 207360 ----a-w- c:\windows\syswow64\dmusic32.dllt7durjmb32.dlli6deaa32.dll1gfiuiqs232.dllki52ck32.dll
2010-07-17 22:28:05 207360 ----a-w- c:\windows\syswow64\dfscli32.dllcuz2wlv32.dll
2010-07-17 22:27:47 207360 ----a-w- c:\windows\syswow64\dmusic32.dllt7durjmb32.dlli6deaa32.dll1gfiuiqs232.dll
2010-07-17 22:27:35 207360 ----a-w- c:\windows\syswow64\dfscli32.dll
2010-07-17 22:27:16 207360 ----a-w- c:\windows\syswow64\dmusic32.dllt7durjmb32.dlli6deaa32.dll
2010-07-17 22:27:05 207360 ----a-w- c:\windows\syswow64\cmicryptinstall32.dll
2010-07-17 22:26:46 207360 ----a-w- c:\windows\syswow64\dmusic32.dllt7durjmb32.dll
2010-07-17 22:26:16 207360 ----a-w- c:\windows\syswow64\cryptbase32.dll
2010-07-17 22:25:46 207360 ----a-w- c:\windows\syswow64\dmusic32.dll
2010-07-17 22:25:16 207360 ----a-w- c:\windows\syswow64\crypt3232.dll
2010-07-17 22:21:56 0 d-----w- c:\programdata\Apple
2010-07-16 04:15:23 13937 ----a-w- c:\windows\system32\Config.MPF
2010-07-16 04:13:25 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-07-16 04:13:25 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-07-16 04:13:25 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-07-16 04:13:25 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-07-16 04:13:23 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-16 04:13:07 0 d-----w- c:\program files\McAfee
2010-07-16 04:13:07 0 d-----w- c:\program files (x86)\common files\McAfee
2010-07-16 04:13:06 0 d-----w- c:\program files\common files\McAfee
2010-07-16 04:13:05 0 d-----w- c:\program files (x86)\McAfee.com
2010-07-16 04:13:02 0 d-----w- c:\program files (x86)\McAfee
2010-07-16 04:05:22 65536 --sha-w- c:\users\rick\ntuser.dat{4ef2af7b-908d-11df-97cb-002713cd87fc}.TM.blf
2010-07-16 04:05:22 524288 --sha-w- c:\users\rick\ntuser.dat{4ef2af7b-908d-11df-97cb-002713cd87fc}.TMContainer00000000000000000002.regtrans-ms
2010-07-16 04:05:22 524288 --sha-w- c:\users\rick\ntuser.dat{4ef2af7b-908d-11df-97cb-002713cd87fc}.TMContainer00000000000000000001.regtrans-ms
2010-07-15 18:00:21 0 d-----w- c:\program files (x86)\Visual Slideshow
2010-07-14 14:33:51 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-13 21:16:03 0 d-----w- c:\program files\HP
2010-07-13 21:15:58 61952 ----a-w- c:\windows\system32\ZIMF.DLL
2010-07-13 21:15:58 567296 ----a-w- c:\windows\system32\ZSHP1020.EXE
2010-07-13 21:15:58 49664 ----a-w- c:\windows\system32\ZTAG.DLL
2010-07-13 21:15:58 127488 ----a-w- c:\windows\system32\ZSPOOL.DLL
2010-07-13 21:15:58 115200 ----a-w- c:\windows\system32\ZLhp1020.DLL
2010-07-13 21:15:57 574100 ----a-w- c:\windows\system32\hp1022n.img
2010-07-13 21:15:57 206768 ----a-w- c:\windows\system32\hp1022.img
2010-07-13 21:15:57 128380 ----a-w- c:\windows\system32\hp1020.img
2010-07-13 21:15:57 10632 ----a-w- c:\windows\system32\ZSHP1020.CHM
2010-07-13 16:00:24 16467 ----a-w- c:\windows\cdplayer.ini
2010-07-12 15:23:48 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-07-12 15:23:43 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-07-12 15:23:43 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-07-12 15:23:39 0 d-----w- c:\program files (x86)\common files\xing shared
2010-07-12 15:23:15 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2010-07-12 15:23:13 0 d-----w- c:\programdata\Real
2010-07-12 15:23:13 0 d-----w- c:\program files (x86)\common files\Real
2010-07-11 20:26:56 0 d-----w- c:\program files (x86)\WinPcap
2010-07-11 20:20:48 0 d-----w- C:\My Videos
2010-07-11 20:20:45 0 d-----w- c:\users\rick\appdata\roaming\aHisoft
2010-07-11 18:59:34 0 d-----w- c:\users\rick\dwhelper
2010-07-11 16:09:52 0 d-----w- c:\users\rick\appdata\roaming\BitTorrent
2010-07-11 15:17:14 0 d-----w- c:\program files\Logitech
2010-07-09 02:27:12 0 d-----w- c:\users\rick\Incomplete
2010-07-09 01:33:44 0 d-----w- c:\program files (x86)\Ask.com
2010-07-09 01:33:29 0 d-----w- c:\program files (x86)\LimeWire
2010-07-08 22:41:52 0 d-----w- c:\users\rick\appdata\roaming\DigitalPersona
2010-07-08 22:35:57 0 d-----w- c:\program files (x86)\DigitalPersona
2010-07-08 22:35:57 0 d-----w- c:\program files (x86)\Bin
2010-07-08 22:35:11 0 d-----w- c:\programdata\Downloaded Installations
2010-07-08 22:27:50 0 d-----w- c:\programdata\UAB
2010-07-08 22:27:38 0 d-----w- c:\programdata\Driver Whiz
2010-07-08 22:27:16 0 d-----w- c:\program files (x86)\Driver Whiz
2010-07-08 19:20:36 178 ----a-w- c:\users\rick\appdata\roaming\wklnhst.dat
2010-07-07 06:09:39 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-07-07 06:09:02 0 d-----w- c:\programdata\Logishrd
2010-07-07 06:06:47 0 d-----w- c:\program files\common files\LogiShrd
2010-07-07 06:06:38 0 d-----w- c:\users\rick\appdata\roaming\Logishrd
2010-07-07 02:49:18 0 d-----w- c:\programdata\Yahoo! Companion
2010-07-07 02:49:04 0 d-----w- c:\programdata\Yahoo!
2010-07-07 00:42:02 0 d-----w- c:\program files (x86)\common files\SureThing Shared
2010-07-07 00:41:24 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-07-07 00:41:19 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-07-07 00:41:18 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-07-07 00:40:41 0 d-----w- c:\programdata\InstallShield
2010-07-07 00:40:39 0 d-----w- c:\program files (x86)\Roxio
2010-07-06 21:04:41 0 d-----w- c:\programdata\Visan
2010-07-06 01:01:28 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-06 01:01:28 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-06 01:01:28 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-06 01:01:28 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-05 23:57:56 0 d-----w- c:\program files\ScottradeELITE
2010-07-05 21:55:25 0 d-----w- c:\users\rick\Tracing
2010-07-05 21:17:29 0 d-----w- c:\program files (x86)\CyberPower PowerPanel Personal Edition
2010-07-05 21:16:21 0 d-----w- c:\program files\common files\Zero G Software
2010-07-05 21:05:32 0 d-----w- c:\programdata\LightScribe
2010-07-05 18:42:41 0 d-----w- c:\programdata\Recovery
2010-07-05 18:13:20 0 d-----w- c:\windows\syswow64\Wat
2010-07-05 18:13:20 0 d-----w- c:\windows\system32\Wat
2010-07-05 10:36:17 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-07-05 10:35:09 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-05 10:35:09 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-05 10:35:09 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-05 10:35:09 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-05 10:35:09 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-05 10:35:09 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-05 10:35:09 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-05 10:35:09 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-05 10:35:09 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-05 10:35:09 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-05 10:04:01 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-07-05 10:04:01 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-07-05 06:36:14 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-07-05 06:36:14 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-05 06:36:12 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-05 06:36:12 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-05 04:56:51 0 d-----w- c:\users\rick\appdata\roaming\Macrovision
2010-07-05 04:56:06 0 d-----w- c:\programdata\Roxio
2010-07-05 02:32:43 0 d-----w- c:\programdata\EgisTec
2010-07-04 23:52:15 0 d-----w- c:\program files (x86)\Yahoo!
2010-07-04 23:49:41 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-07-04 23:49:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-04 23:49:01 72192 ----a-w- c:\windows\system32\KemXML.dll
2010-07-04 23:49:01 228864 ----a-w- c:\windows\system32\kemutb.dll
2010-07-04 23:49:01 218112 ----a-w- c:\windows\system32\KemUtil.dll
2010-07-04 23:49:01 152064 ----a-w- c:\windows\system32\KemWnd.dll
2010-07-04 22:07:28 0 d-----w- c:\users\rick\appdata\roaming\WildTangent
2010-07-04 22:03:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-04 19:43:41 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-04 18:56:46 0 d-----w- c:\programdata\McAfee
2010-07-04 18:49:21 0 d-----w- c:\users\rick\appdata\roaming\HpUpdate
2010-07-04 18:41:13 0 d-----w- c:\users\rick\appdata\roaming\Intel Corporation
2010-07-04 18:40:33 0 d-----w- c:\users\rick\appdata\roaming\hpqlog

==================== Find3M ====================

2010-07-12 15:23:16 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-07-12 15:23:16 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-23 11:38:23 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-05-23 11:38:23 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-05-23 11:38:23 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2010-05-23 11:38:23 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 22:27:32 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-21 18:28:37 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 8:46:18.86 ===============

#2 jmw3

    MRU Teacher


  • Malware Response Team
  • 58 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 25 July 2010 - 09:49 AM

Hello mbr7600

While we appreciate that you very likely posted at multiple forums in order to ensure a response, that only serves to tie up the time of multiple helpers who could be using that time to help someone else who also has problems. Although there are many forums that handle HijackThis logs, there are not so many helpers; most of us help out at several forums. In addition, the results may not work out so well when you're following different instructions from different helpers. They may suggest different approaches for the same problem, all of which may be good; however, system conflicts may arise if different fixes for the same problem are applied simultaneously.

In the future, for your sake as well as ours, please refrain from requesting help from multiple forums. Choose one, and stick with that one until they've resolved your problem.

Please continue here:
http://spywarewarrior.com/viewtopic.php?t=32821

This topic is now closed.

Teacher, Malware Removal University - You too could train to help others
Member - UNITE, Alliance of Security Analysis Professionals




