Google Hijack


  • This topic is locked
4 replies to this topic

#1 alessa

alessa

  • Members
  • 5 posts

Posted 14 July 2011 - 12:38 PM

I am being redirected on Google to a number of sites like scour and yellowpages. It seems that it begins its redirect from www. find -fast -answers.com (added spaces so that it doesn't end up clickable) most of the time. I believe that this infection came from some application my sister was using on Facebook because the problem seemed to happen after she added an app, but we can't figure out which one it was. At any rate, I'm extremely frustrated and any help that you could offer would be greatly appreciated. I have a 64-bit version of Windows so could not use the GMER program. Here's an example of a redirected search link that was on Google after I made a search. I don't know if this helps at all but I'm trying to give as many details as possible. I put spaces in the middle of this one, too.

ht tp://64.111.211.172/c.php?s=eNodkU1zokA YhH-QVeSdL2bmkIOoWGEBiUuCeNlivlBRk6yCwZofv26qD13V9fSl--CRwIx6jAn3Wblgefv87CEAjNh_I6HHg BBwRBEBRImvcXzfbrq2rhg0 S9nb10dBAzikKMLgoOEhWKEVFsApJaIJJfsDWhkWUuwa5ZwkRBlkQiMNNBo0ldxzj7zNP_LxDYp2P62nq8gtuF7Mk6Kp0gxdb2xIRolenu6zdYTar3QyOfdDaQ8Tk73S3Trt7HiG_mzkub317 2a7aOaWnTIUi25TXe2IZKLWm_kmvVfMzsRhtxtjV61-LbsvuTXlqmwxievODU97uXy7LPKwmGFdfCY8Gm9_P1LWd8VU510YiYjPPmlBbZ3Fsy767ZIhecFZvH6vE9HmEb-XF88gEBBgxgKJvceIBIjTABEeCOThkXhDDEn Px6Nafg8GJ4PCl77G8pri2-OCH3nit6fjXp_kfVvFY43bH8LLUDlhuQLhuJOqCe1jTozAMeuwkaEXVhBqrGYSCKVOh1RLaxXnTBChLPkHcPKa3Q&rf=http%3A%2F%2Ffibrosearch.com%2Fsearch%3Fq%3Dcasey%2Banthony

Here is the contents of the dds.txt log

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Leslie at 11:54:48 on 2011-07-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1848 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\MPK\mpk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Olympus\ib\olycamdetect.exe
C:\Users\Leslie\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\ewido anti-malware\ewidoctrl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\SysWOW64\MPK\MPK64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uWinlogon: Shell = explorer.exe,C:\Users\Leslie\AppData\Roaming\dwm.exe
uWindows: Load = C:\Users\Leslie\AppData\Local\Temp\csrss.exe
mWinlogon: Userinit = userinit.exe
BHO: <No Name>: {022E872E-6A7B-4C05-8C10-89A6B17FB8D9} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: ALToolbarBho Class: {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_1520.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: ALToolBar: {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_1520.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
uRun: [SmileboxTray] "C:\Users\Leslie\AppData\Roaming\Smilebox\SmileboxTray.exe"
uRun: [conhost] C:\Users\Leslie\AppData\Roaming\Microsoft\conhost.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Leslie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\Users\Leslie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: ¾ËÅø¹Ù ºü¸¥°Ë»ö(&Q) - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{147CE460-9579-4D1F-98AE-6DA30C272C4E} : DHCPNameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{147CE460-9579-4D1F-98AE-6DA30C272C4E}\549434344402055726C696360275966696 : DHCPNameServer = 192.168.255.253 4.2.2.2
TCP: Interfaces\{147CE460-9579-4D1F-98AE-6DA30C272C4E}\5696363646 : DHCPNameServer = 172.16.2.1
TCP: Interfaces\{147CE460-9579-4D1F-98AE-6DA30C272C4E}\C696E6B6379737 : DHCPNameServer = 97.64.168.12 97.64.183.165
Handler: msdaipp - <Clsid value has no data>
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
SEH: CShellExecuteHookImpl Object - {54D9498B-CF93-414F-8984-8CE7FDE0D391} - C:\Program Files (x86)\ewido anti-malware\shellhook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: msdaipp - <Clsid value has no data>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-05-2010&tb_mrud=18-05-2010
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://boards.4chan.org/x/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Leslie\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Leslie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: XUL Cache: {c3fb534e-a175-4cdb-bbc9-eac8705bc01f} - %profile%\extensions\{c3fb534e-a175-4cdb-bbc9-eac8705bc01f}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2011-7-13 36384]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2011-7-13 65736]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2011-7-13 6746280]
R2 ewido security suite control;ewido security suite control;C:\Program Files (x86)\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2011-7-13 24024]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-1 215040]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca7ad165fa20c6;Google Update Service (gupdate1ca7ad165fa20c6);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 133104]
S2 SSDPSRV32;SSDP Discovery ;C:\Windows\System32\efscore32.exe --> C:\Windows\System32\efscore32.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro35.sys [2011-7-10 23112]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-17 216064]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-10 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-07-14 04:07:43 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll
2011-07-14 04:07:42 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys
2011-07-14 04:07:42 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2011-07-14 04:07:41 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys
2011-07-14 04:07:41 -------- d-----w- C:\Program Files\Prevx
2011-07-14 04:07:11 -------- d-----w- C:\ProgramData\PrevxCSI
2011-07-14 03:54:24 -------- d-----w- C:\Users\Leslie\AppData\Local\NPE
2011-07-13 16:40:21 -------- d-sh--w- C:\Windows\SysWow64\MPK
2011-07-13 16:40:21 -------- d-sh--w- C:\ProgramData\MPK
2011-07-12 20:47:16 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D7994D6-C266-4A57-9414-BE72569624EA}\mpengine.dll
2011-07-12 03:53:25 160256 --sha-w- C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
2011-07-11 04:18:40 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-11 04:14:59 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-07-11 04:14:28 -------- d-----w- C:\ProgramData\Hitman Pro
2011-07-10 18:57:48 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-07-10 18:57:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-07-10 18:57:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-07-10 18:57:47 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-07-10 18:57:47 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-07-07 16:36:50 -------- d-----w- C:\Users\Leslie\AppData\Local\Xilisoft
2011-07-07 16:36:48 -------- d-----w- C:\Users\Leslie\AppData\Roaming\Xilisoft
2011-07-07 16:35:20 -------- d-----w- C:\ProgramData\Xilisoft
2011-07-07 16:35:20 -------- d-----w- C:\Program Files (x86)\Xilisoft
2011-07-07 15:56:14 81920 ----a-w- C:\Windows\SysWow64\mbmouse.ocx
2011-07-07 15:56:14 36864 ----a-w- C:\Windows\SysWow64\trayicon.ocx
2011-07-07 15:56:13 -------- d-----w- C:\Program Files (x86)\Solid Mp4 to DVD Converter and Burner
2011-07-07 15:38:24 -------- d-----w- C:\Users\Leslie\.thumb
2011-07-07 15:38:03 -------- d-----w- C:\Program Files (x86)\DVDStyler
2011-07-07 05:13:33 -------- d-----w- C:\ZillaTube
2011-07-04 00:30:20 -------- d-----w- C:\Program Files (x86)\A-Ray Scanner
2011-06-16 16:42:39 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-16 16:42:34 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 16:42:34 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 16:42:30 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 16:42:29 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 16:42:26 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 16:42:26 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 16:42:26 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 16:33:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-16 16:33:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-16 16:33:44 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 16:33:44 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 16:33:44 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 16:33:41 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 16:33:41 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 16:33:39 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 16:33:39 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
.
============= FINISH: 11:56:32.73 ===============


Attached please find attach.txt


Thank you so much for any and all help and for your time!

edited because link was still clickable


Edited by alessa, 14 July 2011 - 12:40 PM.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 15 July 2011 - 05:38 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 alessa

alessa
  • Topic Starter

  • Members
  • 5 posts

Posted 18 July 2011 - 10:35 PM

Thank you for your response. Here is my log.

ComboFix 11-07-18.05 - Leslie 07/18/2011 21:44:05.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1056 [GMT -5:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\programdata\api-ms-win-core-misc-l1-1-032.dll
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\S0000
c:\programdata\MPK\CPDM\cpfm.bin
c:\programdata\MPK\M0000
c:\programdata\MPK\S0000
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\Order now!.lnk
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\REFOG Personal Monitor on the Web.lnk
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REFOG Personal Monitor\REFOG Personal Monitor.lnk
c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\extensions\{c3fb534e-a175-4cdb-bbc9-eac8705bc01f}
c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\extensions\{c3fb534e-a175-4cdb-bbc9-eac8705bc01f}\chrome.manifest
c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\extensions\{c3fb534e-a175-4cdb-bbc9-eac8705bc01f}\chrome\xulcache.jar
c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\extensions\{c3fb534e-a175-4cdb-bbc9-eac8705bc01f}\defaults\preferences\xulcache.js
c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\extensions\{c3fb534e-a175-4cdb-bbc9-eac8705bc01f}\install.rdf
c:\windows\SysWow64\MPK
c:\windows\SysWow64\MPK\cinfo.bin
c:\windows\SysWow64\MPK\Help\English\alarms.htm
c:\windows\SysWow64\MPK\Help\English\clipboard.htm
c:\windows\SysWow64\MPK\Help\English\computer.htm
c:\windows\SysWow64\MPK\Help\English\delivery.htm
c:\windows\SysWow64\MPK\Help\English\file.htm
c:\windows\SysWow64\MPK\Help\English\filters.htm
c:\windows\SysWow64\MPK\Help\English\imhelp.htm
c:\windows\SysWow64\MPK\Help\English\internet.htm
c:\windows\SysWow64\MPK\Help\English\invisible.htm
c:\windows\SysWow64\MPK\Help\English\keyboard.htm
c:\windows\SysWow64\MPK\Help\English\log_size.htm
c:\windows\SysWow64\MPK\Help\English\logging.htm
c:\windows\SysWow64\MPK\Help\English\need_update_net.htm
c:\windows\SysWow64\MPK\Help\English\password.htm
c:\windows\SysWow64\MPK\Help\English\programs.htm
c:\windows\SysWow64\MPK\Help\English\screenshot.htm
c:\windows\SysWow64\MPK\Help\English\settings_node.htm
c:\windows\SysWow64\MPK\Help\English\update.htm
c:\windows\SysWow64\MPK\Help\English\users_node.htm
c:\windows\SysWow64\MPK\Help\German\alarms.htm
c:\windows\SysWow64\MPK\Help\German\clipboard.htm
c:\windows\SysWow64\MPK\Help\German\computer.htm
c:\windows\SysWow64\MPK\Help\German\delivery.htm
c:\windows\SysWow64\MPK\Help\German\file.htm
c:\windows\SysWow64\MPK\Help\German\filters.htm
c:\windows\SysWow64\MPK\Help\German\imhelp.htm
c:\windows\SysWow64\MPK\Help\German\internet.htm
c:\windows\SysWow64\MPK\Help\German\invisible.htm
c:\windows\SysWow64\MPK\Help\German\keyboard.htm
c:\windows\SysWow64\MPK\Help\German\log_size.htm
c:\windows\SysWow64\MPK\Help\German\logging.htm
c:\windows\SysWow64\MPK\Help\German\need_update_net.htm
c:\windows\SysWow64\MPK\Help\German\password.htm
c:\windows\SysWow64\MPK\Help\German\programs.htm
c:\windows\SysWow64\MPK\Help\German\screenshot.htm
c:\windows\SysWow64\MPK\Help\German\settings_node.htm
c:\windows\SysWow64\MPK\Help\German\users_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\alarms.htm
c:\windows\SysWow64\MPK\Help\Spanish\clipboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\computer.htm
c:\windows\SysWow64\MPK\Help\Spanish\delivery.htm
c:\windows\SysWow64\MPK\Help\Spanish\filters.htm
c:\windows\SysWow64\MPK\Help\Spanish\internet.htm
c:\windows\SysWow64\MPK\Help\Spanish\invisible.htm
c:\windows\SysWow64\MPK\Help\Spanish\keyboard.htm
c:\windows\SysWow64\MPK\Help\Spanish\log_size.htm
c:\windows\SysWow64\MPK\Help\Spanish\logging.htm
c:\windows\SysWow64\MPK\Help\Spanish\password.htm
c:\windows\SysWow64\MPK\Help\Spanish\programs.htm
c:\windows\SysWow64\MPK\Help\Spanish\screenshot.htm
c:\windows\SysWow64\MPK\Help\Spanish\settings_node.htm
c:\windows\SysWow64\MPK\Help\Spanish\users_node.htm
c:\windows\SysWow64\MPK\icon_1.ico
c:\windows\SysWow64\MPK\Images\banner_em_english.gif
c:\windows\SysWow64\MPK\Images\banner_em_english.swf
c:\windows\SysWow64\MPK\Images\banner_em_german.gif
c:\windows\SysWow64\MPK\Images\banner_em_german.swf
c:\windows\SysWow64\MPK\Images\banner_em_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_em_spanish.swf
c:\windows\SysWow64\MPK\Images\banner_english.gif
c:\windows\SysWow64\MPK\Images\banner_english.swf
c:\windows\SysWow64\MPK\Images\banner_german.gif
c:\windows\SysWow64\MPK\Images\banner_german.swf
c:\windows\SysWow64\MPK\Images\banner_pm_english.gif
c:\windows\SysWow64\MPK\Images\banner_pm_english.swf
c:\windows\SysWow64\MPK\Images\banner_pm_german.gif
c:\windows\SysWow64\MPK\Images\banner_pm_german.swf
c:\windows\SysWow64\MPK\Images\banner_pm_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_pm_spanish.swf
c:\windows\SysWow64\MPK\Images\banner_russian.gif
c:\windows\SysWow64\MPK\Images\banner_spanish.gif
c:\windows\SysWow64\MPK\Images\banner_spanish.swf
c:\windows\SysWow64\MPK\Images\english.gif
c:\windows\SysWow64\MPK\Images\german.gif
c:\windows\SysWow64\MPK\Images\upgrade_aeu.png
c:\windows\SysWow64\MPK\Images\upgrade_aus.png
c:\windows\SysWow64\MPK\Images\upgrade_eu.png
c:\windows\SysWow64\MPK\Images\upgrade_faeu.png
c:\windows\SysWow64\MPK\Images\upgrade_faus.png
c:\windows\SysWow64\MPK\Images\upgrade_feu.png
c:\windows\SysWow64\MPK\Images\upgrade_fus.png
c:\windows\SysWow64\MPK\Images\upgrade_us.png
c:\windows\SysWow64\MPK\Images\vista_hide.bmp
c:\windows\SysWow64\MPK\Images\xp_hide.bmp
c:\windows\SysWow64\MPK\key.bin
c:\windows\SysWow64\MPK\Lang\Brazilian.frc
c:\windows\SysWow64\MPK\Lang\Brazilian.lng
c:\windows\SysWow64\MPK\Lang\English.frc
c:\windows\SysWow64\MPK\Lang\French.frc
c:\windows\SysWow64\MPK\Lang\French.lng
c:\windows\SysWow64\MPK\Lang\German.frc
c:\windows\SysWow64\MPK\Lang\German.lng
c:\windows\SysWow64\MPK\Lang\Italian.frc
c:\windows\SysWow64\MPK\Lang\Italian.lng
c:\windows\SysWow64\MPK\Lang\Japanese.frc
c:\windows\SysWow64\MPK\Lang\Japanese.lng
c:\windows\SysWow64\MPK\Lang\Polish.frc
c:\windows\SysWow64\MPK\Lang\Polish.lng
c:\windows\SysWow64\MPK\Lang\Portuguese.frc
c:\windows\SysWow64\MPK\Lang\Portuguese.lng
c:\windows\SysWow64\MPK\Lang\Romanian.frc
c:\windows\SysWow64\MPK\Lang\Romanian.lng
c:\windows\SysWow64\MPK\Lang\Russian.frc
c:\windows\SysWow64\MPK\Lang\Spanish.frc
c:\windows\SysWow64\MPK\Lang\Spanish.lng
c:\windows\SysWow64\MPK\Lang\Turkish.frc
c:\windows\SysWow64\MPK\Lang\Turkish.lng
c:\windows\SysWow64\MPK\libeay32.dll
c:\windows\SysWow64\MPK\lnkmst.exe
c:\windows\SysWow64\MPK\logstart.vbs
c:\windows\SysWow64\MPK\loguninstall.vbs
c:\windows\SysWow64\MPK\Mpk.dll
c:\windows\SysWow64\MPK\MPK.exe
c:\windows\SysWow64\MPK\Mpk64.dll
c:\windows\SysWow64\MPK\MPK64.exe
c:\windows\SysWow64\MPK\MpkNetInstall.exe
c:\windows\SysWow64\MPK\MPKView.exe
c:\windows\SysWow64\MPK\sqlite3.dll
c:\windows\SysWow64\MPK\ssleay32.dll
c:\windows\SysWow64\MPK\trial_pro.ini
c:\windows\SysWow64\MPK\unins000.dat
c:\windows\SysWow64\MPK\unins000.exe
c:\windows\SysWow64\MPK\unins000.msg
c:\windows\SysWow64\MPK\update_info.bin
c:\windows\SysWow64\MPK\zlib1.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 02:53 . 2011-07-19 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-17 20:34 . 2011-07-17 20:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-16 04:12 . 2011-07-16 04:12 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2011-07-16 04:12 . 2011-07-16 04:12 -------- d-----w- c:\program files (x86)\Application Updater
2011-07-15 21:46 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCC4D975-0AFC-4768-B8E9-32477C2EAFE1}\mpengine.dll
2011-07-14 04:07 . 2011-07-14 04:07 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2011-07-14 04:07 . 2011-07-14 04:07 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-07-14 04:07 . 2011-07-14 04:07 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-07-14 04:07 . 2011-07-14 04:07 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-07-14 04:07 . 2011-07-14 04:07 -------- d-----w- c:\program files\Prevx
2011-07-14 04:07 . 2011-07-14 04:11 -------- d-----w- c:\programdata\PrevxCSI
2011-07-14 03:54 . 2011-07-14 04:05 -------- d-----w- c:\users\Leslie\AppData\Local\NPE
2011-07-11 04:18 . 2011-07-12 03:54 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-11 04:14 . 2011-07-11 04:14 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-11 04:14 . 2011-07-12 03:52 -------- d-----w- c:\programdata\Hitman Pro
2011-07-10 18:57 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-07-10 18:57 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-10 18:57 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-07-10 18:57 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-07-10 18:57 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-07-07 16:36 . 2011-07-07 16:36 -------- d-----w- c:\users\Leslie\AppData\Local\Xilisoft
2011-07-07 16:36 . 2011-07-07 16:36 -------- d-----w- c:\users\Leslie\AppData\Roaming\Xilisoft
2011-07-07 16:35 . 2011-07-07 16:35 -------- d-----w- c:\programdata\Xilisoft
2011-07-07 16:35 . 2011-07-07 16:35 -------- d-----w- c:\program files (x86)\Xilisoft
2011-07-07 15:56 . 2000-11-05 20:27 36864 ----a-w- c:\windows\SysWow64\trayicon.ocx
2011-07-07 15:56 . 2000-05-19 22:56 81920 ----a-w- c:\windows\SysWow64\mbmouse.ocx
2011-07-07 15:56 . 2011-07-07 15:56 -------- d-----w- c:\program files (x86)\Solid Mp4 to DVD Converter and Burner
2011-07-07 15:38 . 2011-07-07 15:38 -------- d-----w- c:\users\Leslie\.thumb
2011-07-07 15:38 . 2011-07-07 15:38 -------- d-----w- c:\program files (x86)\DVDStyler
2011-07-07 05:13 . 2011-07-11 23:58 -------- d-----w- C:\ZillaTube
2011-07-04 00:30 . 2011-07-04 00:30 -------- d-----w- c:\program files (x86)\A-Ray Scanner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 20:35 . 2009-12-14 06:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-17 20:34 . 2009-12-28 06:06 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-02 05:56 . 2011-07-13 02:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-17 14:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-17 14:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-25 00:14 . 2010-01-30 05:15 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:51 . 2011-06-16 16:42 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 16:42 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 16:42 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 16:33 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 16:33 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 16:33 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 16:33 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 16:33 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 16:42 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 16:42 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 16:42 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-25 18:04 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-17 14:30 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-17 14:30 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-17 14:30 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-17 14:30 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-17 14:30 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-17 14:30 386048 ----a-w- c:\windows\SysWow64\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 18:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2009-12-14 289584]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2009-10-31 93376]
"SmileboxTray"="c:\users\Leslie\AppData\Roaming\Smilebox\SmileboxTray.exe" [2011-07-07 313160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-2-19 503808]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-6 113664]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca7ad165fa20c6;Google Update Service (gupdate1ca7ad165fa20c6);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-12 133104]
R2 SSDPSRV32;SSDP Discovery ;c:\windows\system32\efscore32.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-12 133104]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-07-14 6746280]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-20 14:25]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-12 02:18]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-12 02:18]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000453856-4093802158-1140146982-1001Core.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 02:30]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000453856-4093802158-1140146982-1001UA.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 02:30]
.
2011-07-18 c:\windows\Tasks\Norton Security Scan for Leslie.job
- c:\progra~2\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-12 16:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: 알툴바 빠른검색(&Q) -
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\4sv0av33.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-05-2010&tb_mrud=18-05-2010
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://boards.4chan.org/x/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{022E872E-6A7B-4C05-8C10-89A6B17FB8D9} - c:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
Wow6432Node-HKCU-Run-conhost - c:\users\Leslie\AppData\Roaming\Microsoft\conhost.exe
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ewido anti-malware\ewidoctrl.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2011-07-18 22:08:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 03:08
.
Pre-Run: 43,944,947,712 bytes free
Post-Run: 46,351,167,488 bytes free
.
- - End Of File - - 82569607AECD32049313C0D9DCA07776

#4 CatByte

  • Malware Response Team

Posted 19 July 2011 - 06:07 AM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


NEXT


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte


Posted 26 July 2011 - 07:32 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
