Redirect Virus Removal Help



#16
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

You use a router to connect to the internet?

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0



#17
The-Infected


    Member

  • Topic Starter
  • Member
  • 20 posts
I do have a wireless router, but I am hardwired into it.


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stephanie\Desktop\virus removal\cmd.bat deleted successfully.
C:\Users\Stephanie\Desktop\virus removal\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephanie
->Temp folder emptied: 21328773 bytes
->Temporary Internet Files folder emptied: 92382111 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 500918353 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2957 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25202 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6279168 bytes

Total Files Cleaned = 592.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08212012_091858

Files\Folders moved on Reboot...
C:\Users\Stephanie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Stephanie\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
  • 0

#18
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
Change your DNS to the Google Public DNS:
https://developers.g...eed/public-dns/

Then, see if the redirection still happens.
  • 0
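A way to confirm from a pasted `ipconfig /all` which resolvers each adapter is really using after the DNS change suggested above; this is an added example, not part of the original thread. The sample output is constructed, and the function names (`dns_by_adapter`, `classify`, `review`) are hypothetical. A "local" verdict means the router answers DNS, so the router's own DNS setting decides what is used.

```python
import ipaddress
import re

# Google Public DNS resolver addresses (IPv4 and IPv6).
GOOGLE_DNS = {ipaddress.ip_address(a) for a in (
    "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844")}

# Ranges that mean "a device on the local network answers DNS" (usually the router).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# "   DNS Servers . . . . . . . . . . . : 8.8.8.8" -> key "DNS Servers", value "8.8.8.8"
KEY_VALUE = re.compile(r"^\s+(\S[^:]*?)[\s.]*:\s?(.*)$")

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
"""


def _as_ip(token):
    """Return an ip_address for the token, or None if it is not one."""
    try:
        # Drop an IPv6 zone id such as "%11" before parsing.
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None


def dns_by_adapter(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters = {}
    adapter = None
    in_dns = False  # True while reading the lines of a "DNS Servers" entry
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns = False
            continue
        if not line[0].isspace():
            # Unindented lines are section headings, e.g. "Ethernet adapter X:".
            adapter = line.rstrip().rstrip(":")
            in_dns = False
            continue
        ip = _as_ip(line)
        if in_dns and ip is not None:
            # Second and later servers sit alone on indented continuation lines.
            adapters[adapter].append(ip)
            continue
        match = KEY_VALUE.match(line)
        in_dns = bool(match) and match.group(1) == "DNS Servers"
        if in_dns:
            servers = adapters.setdefault(adapter, [])
            first = _as_ip(match.group(2))
            if first is not None:
                servers.append(first)
    return adapters


def classify(ip):
    """Label a resolver as Google Public DNS, a local device, or anything else."""
    if ip in GOOGLE_DNS:
        return "google"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "other"


def review(ipconfig_text):
    """Return (adapter, server, verdict) rows for every configured resolver."""
    return [(adapter, str(ip), classify(ip))
            for adapter, servers in dns_by_adapter(ipconfig_text).items()
            for ip in servers]


if __name__ == "__main__":
    for adapter, server, verdict in review(SAMPLE):
        print(f"{verdict:7} {server:15} {adapter}")
```

Any "other" row is a resolver that is neither Google Public DNS nor a local device, and is the one to question when redirects continue after the change.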

#19
The-Infected


    Member

  • Topic Starter
  • Member
  • 20 posts
My frequency of getting redirected seems to have dropped, but I am still getting redirected.
  • 0

#20
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.


When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to something problems. Simply reboot the computer.


  • 0

#21
The-Infected


    Member

  • Topic Starter
  • Member
  • 20 posts
I still get the notice that Malwarebytes has blocked something almost every time I open the browser. I disabled the anti-virus software while I ran the program, but the computer restarted and the anti-virus program opened up automatically. I hope this did not screw things up. Here is the log file. If I get redirected again, I will post it... so far so good.

ComboFix 12-08-22.01 - Stephanie 08/22/2012 9:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6309 [GMT -7:00]
Running from: c:\users\Stephanie\Desktop\virus removal\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\bflixtoolbar
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lichen.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\mail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\modify-save.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music_png
c:\program files (x86)\bflixtoolbar\chrome\skin\Myspace_png
c:\program files (x86)\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\bflixtoolbar\chrome\skin\news.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\pixsy.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\bflixtoolbar\chrome\skin\protect-id.png
c:\program files (x86)\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rssback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\shopping.png
c:\program files (x86)\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\technorati.png
c:\program files (x86)\bflixtoolbar\chrome\skin\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\translate.png
c:\program files (x86)\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\tv_png
c:\program files (x86)\bflixtoolbar\chrome\skin\twitter_png
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.css
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Weather_png
c:\program files (x86)\bflixtoolbar\chrome\skin\web.png
c:\program files (x86)\bflixtoolbar\chrome\skin\websearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yellow.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\youtube.png
c:\program files (x86)\bflixtoolbar\chrome\skin\zoom.png
c:\program files (x86)\bflixtoolbar\manifest.xml
c:\program files (x86)\bflixtoolbar\partner.xml
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\ocean-water(by shkumbin ferizi).mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\plastik.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\Pool Water.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\red_metal jevi_infinity.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\RUBBER GRIP.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\rusted metal (2).mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\rusted metal.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\SpringWater.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\Stainless StYLe.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\Steel Blue.mat
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Recent\terriccio.mat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-21 08:52 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78A23909-820D-4548-A31C-DCE5F3C0C6B0}\mpengine.dll
2012-08-16 17:15 . 2012-08-16 17:16 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Luxology
2012-08-15 23:33 . 2012-08-15 23:33 -------- d-----w- c:\users\Stephanie\AppData\Local\Macromedia
2012-08-15 23:32 . 2012-08-15 23:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 23:32 . 2012-08-15 23:32 -------- d-----w- c:\windows\system32\Macromed
2012-08-15 01:21 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 01:21 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 01:21 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 01:21 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 01:21 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 01:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 01:20 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 01:20 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 01:20 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 01:20 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 01:20 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 01:20 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 21:24 . 2012-08-13 21:24 -------- d-----w- c:\programdata\ALM
2012-08-13 21:23 . 2008-02-06 10:00 54480 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-08-13 21:23 . 2012-08-13 21:23 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-08-13 21:23 . 2012-08-13 21:23 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-08-13 21:20 . 2008-04-07 12:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-13 21:16 . 2012-08-13 21:16 -------- d-----w- c:\windows\SysWow64\spool
2012-08-13 21:16 . 2012-08-13 21:16 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-08-13 18:35 . 2012-08-13 18:35 -------- d-----w- c:\users\Stephanie\AppData\Roaming\Malwarebytes
2012-08-13 18:35 . 2012-08-13 18:35 -------- d-----w- c:\programdata\Malwarebytes
2012-08-13 18:35 . 2012-08-13 18:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-13 18:35 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 18:02 . 2012-08-10 18:02 -------- d-----w- C:\_OTL
2012-08-10 17:46 . 2012-08-10 17:46 -------- d-----w- c:\users\Stephanie\AppData\Local\HuluDesktop
2012-08-10 17:32 . 2012-07-14 00:17 136672 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-08-10 16:53 . 2012-08-10 16:53 -------- d-----w- C:\_OTM
2012-08-06 17:54 . 2012-08-10 17:45 -------- d-----w- c:\program files (x86)\Google
2012-08-06 17:14 . 2012-08-06 18:05 -------- d-----w- c:\program files (x86)\PC Tools
2012-08-06 17:12 . 2012-08-06 18:05 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-08-06 17:12 . 2012-06-22 22:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-06 17:11 . 2012-08-06 18:04 -------- d-----w- c:\programdata\PC Tools
2012-08-06 17:11 . 2012-08-06 17:11 -------- d-----w- c:\users\Stephanie\AppData\Roaming\TestApp
2012-07-31 16:43 . 2012-07-31 16:43 -------- d-----w- c:\program files (x86)\3Dconnexion
2012-07-30 22:43 . 2012-07-30 22:43 -------- d-----w- c:\users\Stephanie\AppData\Local\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}
2012-07-30 22:42 . 2012-07-30 22:42 -------- d-----w- c:\windows\Sun
2012-07-30 19:13 . 2012-07-30 19:13 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-07-30 19:10 . 2012-07-31 20:10 -------- d-----w- c:\windows\AutoKMS
2012-07-30 19:06 . 2012-07-30 19:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-07-30 19:05 . 2012-07-30 19:05 -------- d-----w- c:\windows\PCHEALTH
2012-07-30 19:05 . 2012-07-30 19:05 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-07-30 19:01 . 2012-07-30 19:01 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-07-30 16:20 . 2012-07-30 16:28 -------- d-----w- c:\users\Stephanie\AppData\Local\NPE
2012-07-26 18:06 . 2012-08-21 00:17 -------- d-----w- c:\users\Stephanie\AppData\Roaming\VASSAL
2012-07-26 18:05 . 2012-07-26 18:05 -------- d-----w- c:\program files (x86)\VASSAL
2012-07-26 18:05 . 2012-07-26 18:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-26 18:05 . 2012-07-26 18:05 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-26 18:05 . 2012-07-26 18:05 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-26 18:05 . 2012-07-26 18:05 -------- d-----w- c:\program files (x86)\Java
2012-07-24 22:14 . 2012-08-10 18:03 -------- d-----w- c:\programdata\AVG2012
2012-07-24 22:14 . 2012-08-10 17:42 -------- d-----w- C:\$AVG
2012-07-24 22:14 . 2012-07-24 22:14 -------- d-----w- c:\program files (x86)\AVG
2012-07-24 22:11 . 2012-08-10 17:43 -------- d-----w- c:\programdata\MFAData
2012-07-24 22:11 . 2012-07-24 22:11 -------- d--h--w- c:\programdata\Common Files
2012-07-24 15:52 . 2012-07-24 15:52 -------- d-----w- c:\program files (x86)\SolidWorks Corp
2012-07-24 15:51 . 2012-07-24 15:51 -------- d-----w- c:\users\Stephanie\AppData\Roaming\help_images_otherUI
2012-07-24 15:42 . 2012-07-24 15:52 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2012-07-24 15:42 . 2012-07-24 15:52 -------- d-----w- c:\program files\SolidWorks Corp
2012-07-24 15:42 . 2012-07-24 15:42 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-24 15:42 . 2012-07-24 15:42 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-07-24 15:40 . 2012-07-24 15:40 -------- d-----w- c:\program files (x86)\MSECache
2012-07-24 15:39 . 2012-07-24 15:40 -------- d-----w- c:\program files (x86)\Common Files\SolidWorks Installation Manager
2012-07-24 15:38 . 2012-07-24 15:40 -------- d-----w- c:\windows\SolidWorks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 23:32 . 2011-08-30 23:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:00 . 2012-02-27 18:04 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 01:02 . 2012-07-12 01:02 45056 ----a-w- c:\windows\system32\Launch3DxGUI.cpl
2012-07-12 01:00 . 2012-07-12 01:00 109056 ----a-w- c:\windows\system32\siappdll.dll
2012-07-12 00:59 . 2012-07-12 00:59 56832 ----a-w- c:\windows\system32\spwini.dll
2012-07-12 00:54 . 2012-07-12 00:54 85504 ----a-w- c:\windows\SysWow64\siappdll.dll
2012-07-12 00:53 . 2012-07-12 00:53 45568 ----a-w- c:\windows\SysWow64\spwini.dll
2012-06-09 05:43 . 2012-07-11 04:27 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 04:27 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 04:27 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 04:26 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 04:27 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:27 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:26 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-24 05:43 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 05:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 05:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 05:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 05:43 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-24 05:43 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 05:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 05:43 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-24 05:43 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 04:26 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 04:26 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 04:26 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 04:26 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 04:26 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 04:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 04:26 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:26 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 04:26 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 19:25 . 2011-08-26 00:38 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" [2011-10-21 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-8-30 5724472]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2012-7-24 1855560]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2012-7-11 134656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-09-27 89160]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-12 1431888]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-27 1255736]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys [2009-08-07 16896]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/19 09:29];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 00:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-11 202752]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-13 86016]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-13 86016]
S2 WkSvw32.exe;WibuKey Server;c:\program files (x86)\WIBUKEY\Server\WkSvw32.exe [2009-12-03 587264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-11 6368256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-11 188416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 23:32]
.
2012-08-06 c:\windows\Tasks\HPCeeScheduleForStephanie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.69.146 68.87.85.98
TCP: Interfaces\{E6886B1E-9A15-4B1A-AECF-8AC98AE49601}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bfc608fca-98a3-4ea4-a509-011872d21881%7D&mid=d0107a36cbe747d0aa00a138fae7a6ff-b2b78168b11e3152c4b88a808fa9c460efaf0700&ds=AVG&v=12.2.0.5&lang=en&pr=fr&d=2012-08-10%2010%3A36%3A25&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
c:\program files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
.
**************************************************************************
.
Completion time: 2012-08-22 09:56:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 16:56
.
Pre-Run: 818,822,266,880 bytes free
Post-Run: 818,430,840,832 bytes free
.
- - End Of File - - AC8E5081F60E588BE6338E0A3EC96926

#22
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Your logs are clean.

I still get the notice that Malwarebytes has blocked something almost every time I open the browser.

Check the MBAM reports and see if it reports the name of the detection or other details.

#23
The-Infected

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I am still being redirected. It seems to happen on the first site I click on after the computer has sat idle for a long time.

#24
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please, can you check if the redirection happens in another browser, such as Internet Explorer or Google Chrome?

#25
The-Infected

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I have been playing around with it for a couple of days, and it appears to only be happening with Firefox.

#26
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
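
The two checks in that list most relevant to a Firefox-only redirect, the Firefox proxy settings and the hosts file, can also be read by hand. The sketch below is an added example, not part of the thread and not MiniToolBox's code: it parses the text of a Firefox profile's prefs.js and of the Windows hosts file. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from this thread's logs).
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
'''
SAMPLE_HOSTS = '''# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example.com   # constructed entry
'''
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def firefox_proxy_prefs(prefs_text):
    """Return {name: value} for every network.proxy.* pref set in prefs.js."""
    found = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith("network.proxy."):
            continue
        raw = m.group(2).strip()
        if raw.startswith('"'):
            found[m.group(1)] = raw.strip('"')
        elif raw.lstrip("-").isdigit():
            found[m.group(1)] = int(raw)
        else:
            found[m.group(1)] = raw  # true / false
    return found

def proxy_findings(prefs):
    """Describe proxy settings that route Firefox traffic somewhere explicit."""
    kind = prefs.get("network.proxy.type")
    if kind == 1:  # manual proxy configuration
        return ["manual proxy %s:%s" % (prefs.get("network.proxy.http", "?"),
                                        prefs.get("network.proxy.http_port", "?"))]
    if kind == 2:  # proxy auto-config (PAC) URL
        return ["PAC script %s" % prefs.get("network.proxy.autoconfig_url", "?")]
    return []

def hosts_overrides(hosts_text):
    """Return (ip, name) pairs for hosts entries other than localhost."""
    pairs = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        pairs += [(fields[0], n) for n in fields[1:] if n.lower() != "localhost"]
    return pairs

if __name__ == "__main__":
    print(proxy_findings(firefox_proxy_prefs(SAMPLE_PREFS)))
    print(hosts_overrides(SAMPLE_HOSTS))
```

A manual proxy or PAC URL the user did not set, or a hosts entry pointing a well-known site at an unfamiliar address, is worth reporting back in the thread before resetting anything.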