Help With the removal of Trojan.Agent svchost.exe


This topic is locked
16 replies to this topic

#1 Axel55

  • Members
  • 9 posts

Posted 14 February 2012 - 03:40 PM

Malwarebytes has detected svchost.exe as a trojan, but whenever I remove it, it keeps on coming back. This has caused my computer to blue screen multiple times, and it only works in safe mode. I would appreciate any help. Here is my dds.txt log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Blanca at 13:58:34 on 2012-02-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1013.342 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Blanca\AppData\Roaming\Complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify] "C:\Users\Blanca\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EBOOKU~1.LNK - C:\Program Files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - C:\Users\Blanca\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{83555019-C6A1-477A-A45C-BF8487C18593} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Blanca\AppData\Roaming\Complitly\Complitly.dll
BHO-X64: Complitly - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO-X64: Freecorder Toolbar - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
BHO-X64: DVDVideoSoftTB - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO-X64: AOL Messaging Toolbar Loader - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO-X64: Bandoo IE Plugin - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
AppInit_DLLs-X64: c:\progra~2\bandoo\bndhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20120126205143896&tb_oid=26-01-2012&tb_mrud=26-01-2012
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20120126205143896&tb_oid=26-01-2012&tb_mrud=26-01-2012&query=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\allglassv2@ambroos.neowin.net\components\dwmxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: C:\Users\Blanca\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.dll
FF - component: C:\Users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Blanca\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: C:\Users\Blanca\Desktop\Picasa3\npPicasa3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys --> C:\Windows\system32\DRIVERS\epfwtdir.sys [?]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2010-6-11 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-6-10 468224]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 135664]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-3 652360]
S3 03391360;03391360;C:\Windows\system32\drivers\45000694.sys --> C:\Windows\system32\drivers\45000694.sys [?]
S3 07736222;07736222;C:\Windows\system32\drivers\29282726.sys --> C:\Windows\system32\drivers\29282726.sys [?]
S3 21487290;21487290;C:\Windows\system32\drivers\81878291.sys --> C:\Windows\system32\drivers\81878291.sys [?]
S3 42637477;42637477;C:\Windows\system32\drivers\45143800.sys --> C:\Windows\system32\drivers\45143800.sys [?]
S3 75751116;75751116;C:\Windows\system32\drivers\84598489.sys --> C:\Windows\system32\drivers\84598489.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 135664]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-13 02:38:41 20480 ----a-w- C:\Windows\svchost.exe
2012-02-13 00:49:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-13 00:41:04 -------- d-----w- C:\Program Files (x86)\61658
2012-02-13 00:40:26 -------- d-----w- C:\Program Files (x86)\LP
2012-02-08 23:51:13 -------- d-----w- C:\Users\Blanca\.gimp-2.6
2012-02-08 23:50:11 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2012-02-08 23:41:06 -------- d-----w- C:\Users\Blanca\.thumbnails
2012-02-08 23:40:05 -------- d-----w- C:\Program Files\Blender Foundation
2012-02-05 22:51:32 -------- d-----w- C:\Users\Blanca\AppData\Local\{5204EEB5-6996-4FAA-B0C6-2D04E8846C97}
2012-02-05 22:50:58 -------- d-----w- C:\Users\Blanca\AppData\Local\{C9A70094-9280-4702-AF6C-36C82B7CC2AC}
2012-01-26 20:52:33 -------- d-----w- C:\ProgramData\AIM Toolbar
2012-01-26 20:52:33 -------- d-----w- C:\Program Files (x86)\AIM Toolbar
2012-01-26 20:51:52 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2012-01-26 20:51:07 -------- d-----w- C:\Users\Blanca\AppData\Local\AOL
2012-01-26 20:51:07 -------- d-----w- C:\Users\Blanca\AppData\Local\AIM
2012-01-26 20:50:52 -------- d-----w- C:\ProgramData\AIM
2012-01-26 20:50:40 -------- d-----w- C:\Program Files (x86)\AIM
2012-01-26 20:50:28 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2012-01-26 09:23:14 -------- d-----w- C:\Users\Blanca\AppData\Local\{EAF4D5C9-71D4-45C4-9282-6CA8EF6CE179}
2012-01-26 09:22:38 -------- d-----w- C:\Users\Blanca\AppData\Local\{8FB258A8-2A5A-4FF9-803A-A136934AAB19}
2012-01-26 04:56:09 -------- d-----w- C:\Users\Blanca\AppData\Local\Spotify
.
==================== Find3M ====================
.
2012-02-10 01:57:05 1682 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-02-05 22:50:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-03 07:23:22 111408 ----a-w- C:\Windows\System32\drivers\45000694.sys
2011-12-03 07:13:04 111408 ----a-w- C:\Windows\System32\drivers\84598489.sys
2011-12-03 07:12:54 111408 ----a-w- C:\Windows\System32\drivers\45143800.sys
2011-12-03 07:12:38 111408 ----a-w- C:\Windows\System32\drivers\29282726.sys
2011-12-03 07:11:24 111408 ----a-w- C:\Windows\System32\drivers\81878291.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:59:53.60 ===============
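
A defender-side triage of the log above, as an added example that is not part of the post or of DDS/ComboFix: a small Python script walks the "Running Processes" and "Created Last 30" sections and flags the two things a helper looks for first here, an svchost.exe copy sitting in C:\Windows instead of System32 (the file ComboFix later deletes) and a process that DDS could record only as a bare "-netsvcs" argument with no image path. The expected-location table, the section parsing and the sample lines (copied from the log in this post) are assumptions of this example, not DDS logic.

```python
"""Triage DDS 'Running Processes' and 'Created Last 30' lines for a core Windows
binary living in the wrong place. Added example for this thread, not DDS, ComboFix
or the poster's code; the expected-location table and the heuristics are the
author's assumptions about what a defender checks first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Where genuine copies of these binaries live (lower-case). svchost.exe also has
# a 32-bit copy in SysWOW64 on x64; explorer.exe lives in C:\Windows itself.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# "Running Processes" line: image path, optionally followed by arguments.
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)
# "Created Last 30" / "Find3M" line: timestamp, size (dashes for a directory),
# attribute string, path.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def check_image_location(path: str) -> Optional[str]:
    """Flag a known system binary name found outside its expected directory."""
    directory, _, name = path.strip().lower().rpartition("\\")
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and directory not in expected:
        return f"{name} outside its expected location (found in {directory})"
    return None


def check_running_process(line: str) -> Optional[Finding]:
    """One line of the 'Running Processes' section."""
    text = line.strip()
    m = PROCESS_RE.match(text)
    if m is None:
        # Arguments such as '-netsvcs' with no image path: DDS could not resolve
        # the executable behind the process, which deserves a look.
        if text.startswith("-"):
            return Finding(text, "process recorded with arguments but no image path")
        return None
    reason = check_image_location(m.group("path"))
    return Finding(text, reason) if reason else None


def check_created_file(line: str) -> Optional[Finding]:
    """One line of the 'Created Last 30' or 'Find3M' section."""
    text = line.strip()
    m = CREATED_RE.match(text)
    if m is None or m.group("attrs").startswith("d"):
        return None  # directory entry, or not a file line at all
    reason = check_image_location(m.group("path"))
    return Finding(text, reason) if reason else None


# Which checker applies under which '=== Section ===' header.
CHECKS = {"Running Processes": check_running_process,
          "Created Last 30": check_created_file, "Find3M": check_created_file}


def triage(lines) -> List[Finding]:
    """Walk a DDS log, switching checker at each section header."""
    findings: List[Finding] = []
    check = None
    for raw in lines:
        text = raw.strip()
        if text.startswith("="):
            check = next((fn for key, fn in CHECKS.items() if key in text), None)
            continue
        finding = check(text) if check else None
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
-netsvcs
C:\Windows\SysWOW64\rundll32.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
=============== Created Last 30 ================
2012-02-13 02:38:41 20480 ----a-w- C:\Windows\svchost.exe
2012-02-13 00:49:03 -------- d-----w- C:\TDSSKiller_Quarantine
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS.splitlines()):
        print(f"{f.reason}: {f.line}")
```

Run against the sample it reports exactly two findings: the orphaned "-netsvcs" process and the svchost.exe created in C:\Windows. The legitimate service hosts under System32 and Explorer.EXE (which genuinely lives in C:\Windows) pass, which is the point of keying the check on the full directory rather than on the file name alone.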


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 11:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Axel55
  • Topic Starter

  • Members
  • 9 posts

Posted 16 February 2012 - 10:35 PM

Thanks for the help, I really appreciate it. No real changes right now, but we just started.
Here is the log.

ComboFix 12-02-16.02 - Blanca 16/02/2012 21:17:00.2.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1013.597 [GMT -6:00]
Running from: c:\users\Blanca\Desktop\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
C:\Install.exe
c:\program files (x86)\Bandoo\Plugins\IE\iePLugin.dll
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\Blanca\AppData\Roaming\4AA6.D7A
c:\users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\searchplugins\bing-zugo.xml
c:\users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\searchplugins\SearchquWebSearch.xml
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-17 to 2012-02-17 )))))))))))))))))))))))))))))))
.
.
2012-02-17 03:25 . 2012-02-17 03:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 00:49 . 2012-02-13 02:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-13 00:41 . 2012-02-13 00:41 -------- d-----w- c:\program files (x86)\61658
2012-02-09 00:01 . 2012-02-09 00:19 -------- d-----w- c:\users\Blanca\AppData\Roaming\gtk-2.0
2012-02-08 23:51 . 2012-02-09 00:22 -------- d-----w- c:\users\Blanca\.gimp-2.6
2012-02-08 23:50 . 2012-02-08 23:50 -------- d-----w- c:\program files (x86)\GIMP-2.0
2012-02-08 23:41 . 2012-02-08 23:41 -------- d-----w- c:\users\Blanca\.thumbnails
2012-02-08 23:40 . 2012-02-08 23:40 -------- d-----w- c:\program files\Blender Foundation
2012-02-05 22:50 . 2012-02-05 22:50 -------- d-----w- c:\windows\system32\Macromed
2012-01-26 20:52 . 2012-01-26 20:52 -------- d-----w- c:\program files (x86)\AIM Toolbar
2012-01-26 20:52 . 2012-01-26 20:52 -------- d-----w- c:\programdata\AIM Toolbar
2012-01-26 20:51 . 2012-01-26 20:51 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-01-26 20:51 . 2012-01-26 20:52 -------- d-----w- c:\users\Blanca\AppData\Roaming\acccore
2012-01-26 20:51 . 2012-01-26 20:51 -------- d-----w- c:\users\Blanca\AppData\Local\AIM
2012-01-26 20:51 . 2012-01-26 20:51 -------- d-----w- c:\users\Blanca\AppData\Local\AOL
2012-01-26 20:50 . 2012-01-26 20:50 -------- d-----w- c:\programdata\AIM
2012-01-26 20:50 . 2012-01-26 20:50 -------- d-----w- c:\program files (x86)\AIM
2012-01-26 20:50 . 2012-01-26 20:50 -------- d-----w- c:\program files (x86)\Common Files\AOL
2012-01-26 04:56 . 2012-02-05 22:54 -------- d-----w- c:\users\Blanca\AppData\Local\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 22:50 . 2011-06-02 01:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2011-12-12 11:52 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 07:23 . 2011-12-03 07:23 111408 ----a-w- c:\windows\system32\drivers\45000694.sys
2011-12-03 07:13 . 2011-12-03 07:13 111408 ----a-w- c:\windows\system32\drivers\84598489.sys
2011-12-03 07:12 . 2011-12-03 07:12 111408 ----a-w- c:\windows\system32\drivers\45143800.sys
2011-12-03 07:12 . 2011-12-03 07:12 111408 ----a-w- c:\windows\system32\drivers\29282726.sys
2011-12-03 07:11 . 2011-12-03 07:11 111408 ----a-w- c:\windows\system32\drivers\81878291.sys
2011-11-24 05:00 . 2011-12-14 00:19 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-09 21:05 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F56215D-B1DA-4DBE-A5B6-C66119C2BB51}\mpengine.dll
2011-11-19 15:07 . 2012-01-11 16:41 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 16:41 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-15 2292672]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-06 1242448]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
eBook USB Driver.lnk - c:\program files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe [2010-1-14 36864]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-06-11 468224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R3 03391360;03391360;c:\windows\system32\drivers\45000694.sys [x]
R3 07736222;07736222;c:\windows\system32\drivers\29282726.sys [x]
R3 21487290;21487290;c:\windows\system32\drivers\81878291.sys [x]
R3 42637477;42637477;c:\windows\system32\drivers\45143800.sys [x]
R3 75751116;75751116;c:\windows\system32\drivers\84598489.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [x]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-04-08 44480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 01:42]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 01:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-11 8114720]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-11 1910016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Blanca\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20120126205143896&tb_oid=26-01-2012&tb_mrud=26-01-2012
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20120126205143896&tb_oid=26-01-2012&tb_mrud=26-01-2012&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Spotify - c:\users\Blanca\AppData\Roaming\Spotify\Spotify.exe
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
SafeBoot-21487290.sys
SafeBoot-42637477.sys
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-MinecraftCrack1.0 - c:\minecraftcrack\uninstall.exe
AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\2.7.0.52\InstWrap.exe
AddRemove-Savage2 - c:\users\Blanca\Downloads\uninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-Spotify - c:\users\Blanca\AppData\Roaming\Spotify\Spotify.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1696579709-3731510357-1250199668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1696579709-3731510357-1250199668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,9c,26,fc,88,d1,d1,ac,90,6c,43,42,34,41,34,db,46,01,27,8a,26,
bb,64,7e,e0,61,ec,fc,84,b1,e7,48,15,09,6a,93,3b,ad,90,bd,e2,18,f9,ac,d9,6d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000000
"ProductCode"="{8DF6101A-F41C-44C6-BB7F-3325CF425031}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="3.0.667.0"
"UniqueId"="0002BEFA4B4E149C"
"ScannerBuild"=dword:00000bcb
"ScannerVersionId"=dword:00000c78
"ScannerVersion"=""
"ei2"=hex(B):fc,a6,57,6a,e8,01,c6,b2
"ei1"=hex(B):00,19,d1,6c,6d,65,00,00
"ei3"=hex(B):ab,30,52,4e,00,00,00,00
"ei4"=dword:00000006
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,9c,26,fc,88,d1,d1,ac,90,6c,43,42,34,41,34,db,46,01,27,8a,26,
bb,64,7e,e0,61,ec,fc,84,b1,e7,48,15,09,6a,93,3b,ad,90,bd,e2,18,f9,ac,d9,6d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-02-16 21:31:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-17 03:31
.
Pre-Run: 196,952,199,168 bytes free
Post-Run: 201,813,991,424 bytes free
.
- - End Of File - - 9A5FA3BE31F6C2808D5AAABCE4EB3B75

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 February 2012 - 11:45 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Axel55

  • Topic Starter
  • Members
  • 9 posts

Posted 17 February 2012 - 05:27 PM

Here is the TDSSKiller log:

16:04:33.0973 1100 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:04:34.0410 1100 ============================================================
16:04:34.0410 1100 Current date / time: 2012/02/17 16:04:34.0410
16:04:34.0410 1100 SystemInfo:
16:04:34.0410 1100
16:04:34.0410 1100 OS Version: 6.1.7600 ServicePack: 0.0
16:04:34.0410 1100 Product type: Workstation
16:04:34.0410 1100 ComputerName: BLANCA-PC
16:04:34.0410 1100 UserName: Blanca
16:04:34.0410 1100 Windows directory: C:\Windows
16:04:34.0410 1100 System windows directory: C:\Windows
16:04:34.0410 1100 Running under WOW64
16:04:34.0410 1100 Processor architecture: Intel x64
16:04:34.0410 1100 Number of processors: 2
16:04:34.0410 1100 Page size: 0x1000
16:04:34.0410 1100 Boot type: Safe boot with network
16:04:34.0410 1100 ============================================================
16:04:35.0393 1100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:04:35.0409 1100 \Device\Harddisk0\DR0:
16:04:35.0409 1100 MBR used
16:04:35.0409 1100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:04:35.0409 1100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
16:04:35.0455 1100 Initialize success
16:04:35.0455 1100 ============================================================
16:04:38.0778 1068 ============================================================
16:04:38.0778 1068 Scan started
16:04:38.0778 1068 Mode: Manual;
16:04:38.0778 1068 ============================================================
16:04:40.0135 1068 03391360 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\45000694.sys
16:04:40.0135 1068 03391360 - ok
16:04:40.0182 1068 07736222 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\29282726.sys
16:04:40.0182 1068 07736222 - ok
16:04:40.0213 1068 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:04:40.0213 1068 1394ohci - ok
16:04:40.0245 1068 21487290 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\81878291.sys
16:04:40.0260 1068 21487290 - ok
16:04:40.0276 1068 42637477 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\45143800.sys
16:04:40.0276 1068 42637477 - ok
16:04:40.0307 1068 75751116 (a76e27c387a1309564349992ea5462c0) C:\Windows\system32\drivers\84598489.sys
16:04:40.0307 1068 75751116 - ok
16:04:40.0338 1068 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:04:40.0338 1068 ACPI - ok
16:04:40.0354 1068 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:04:40.0354 1068 AcpiPmi - ok
16:04:40.0385 1068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:04:40.0401 1068 adp94xx - ok
16:04:40.0432 1068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:04:40.0432 1068 adpahci - ok
16:04:40.0447 1068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:04:40.0463 1068 adpu320 - ok
16:04:40.0494 1068 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:04:40.0510 1068 AFD - ok
16:04:40.0541 1068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:04:40.0541 1068 agp440 - ok
16:04:40.0557 1068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:04:40.0557 1068 aliide - ok
16:04:40.0588 1068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:04:40.0588 1068 amdide - ok
16:04:40.0603 1068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:04:40.0603 1068 AmdK8 - ok
16:04:40.0619 1068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:04:40.0619 1068 AmdPPM - ok
16:04:40.0666 1068 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
16:04:40.0666 1068 amdsata - ok
16:04:40.0681 1068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:04:40.0681 1068 amdsbs - ok
16:04:40.0713 1068 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
16:04:40.0713 1068 amdxata - ok
16:04:40.0759 1068 AnyDVD (9f06bb3ac3e362d6d111b49b9ae30373) C:\Windows\system32\Drivers\AnyDVD.sys
16:04:40.0759 1068 AnyDVD - ok
16:04:40.0759 1068 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:04:40.0759 1068 AppID - ok
16:04:40.0806 1068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:04:40.0806 1068 arc - ok
16:04:40.0837 1068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:04:40.0837 1068 arcsas - ok
16:04:40.0884 1068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:04:40.0884 1068 AsyncMac - ok
16:04:40.0900 1068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:04:40.0900 1068 atapi - ok
16:04:40.0947 1068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:04:40.0947 1068 b06bdrv - ok
16:04:40.0978 1068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:04:40.0978 1068 b57nd60a - ok
16:04:41.0009 1068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:04:41.0009 1068 Beep - ok
16:04:41.0025 1068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:04:41.0040 1068 blbdrive - ok
16:04:41.0087 1068 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
16:04:41.0087 1068 bowser - ok
16:04:41.0103 1068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:04:41.0118 1068 BrFiltLo - ok
16:04:41.0134 1068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:04:41.0134 1068 BrFiltUp - ok
16:04:41.0165 1068 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:04:41.0165 1068 BridgeMP - ok
16:04:41.0196 1068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:04:41.0196 1068 Brserid - ok
16:04:41.0212 1068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:04:41.0212 1068 BrSerWdm - ok
16:04:41.0243 1068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:04:41.0243 1068 BrUsbMdm - ok
16:04:41.0259 1068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:04:41.0259 1068 BrUsbSer - ok
16:04:41.0274 1068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:04:41.0274 1068 BTHMODEM - ok
16:04:41.0290 1068 catchme - ok
16:04:41.0321 1068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:04:41.0321 1068 cdfs - ok
16:04:41.0337 1068 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:04:41.0337 1068 cdrom - ok
16:04:41.0352 1068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:04:41.0352 1068 circlass - ok
16:04:41.0399 1068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:04:41.0415 1068 CLFS - ok
16:04:41.0446 1068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:04:41.0446 1068 CmBatt - ok
16:04:41.0493 1068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
16:04:41.0493 1068 cmdide - ok
16:04:41.0524 1068 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
16:04:41.0539 1068 CNG - ok
16:04:41.0555 1068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:04:41.0555 1068 Compbatt - ok
16:04:41.0571 1068 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:04:41.0571 1068 CompositeBus - ok
16:04:41.0586 1068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:04:41.0586 1068 crcdisk - ok
16:04:41.0617 1068 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
16:04:41.0633 1068 CSC - ok
16:04:41.0664 1068 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
16:04:41.0664 1068 dc3d - ok
16:04:41.0711 1068 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
16:04:41.0711 1068 DfsC - ok
16:04:41.0727 1068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:04:41.0727 1068 discache - ok
16:04:41.0758 1068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:04:41.0758 1068 Disk - ok
16:04:41.0805 1068 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:04:41.0805 1068 Dot4 - ok
16:04:41.0836 1068 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:04:41.0851 1068 Dot4Print - ok
16:04:41.0851 1068 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:04:41.0867 1068 dot4usb - ok
16:04:41.0898 1068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:04:41.0898 1068 drmkaud - ok
16:04:41.0945 1068 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
16:04:41.0961 1068 DXGKrnl - ok
16:04:41.0992 1068 E100B (a6db3a7828b456a574243066e2e77d8c) C:\Windows\system32\DRIVERS\efe5b32e.sys
16:04:41.0992 1068 E100B - ok
16:04:42.0039 1068 eamon (9c7daed103d5b0c7e4a5206c8a4a8d54) C:\Windows\system32\DRIVERS\eamon.sys
16:04:42.0039 1068 eamon - ok
16:04:42.0054 1068 easdrv (cd3ac8476d16a8f00deb230b2f6f6fd8) C:\Windows\system32\DRIVERS\easdrv.sys
16:04:42.0070 1068 easdrv - ok
16:04:42.0148 1068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:04:42.0195 1068 ebdrv - ok
16:04:42.0241 1068 ElbyCDIO (15814b675e9d08953f2c64e4e5ccb4f4) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:04:42.0241 1068 ElbyCDIO - ok
16:04:42.0273 1068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:04:42.0288 1068 elxstor - ok
16:04:42.0304 1068 epfwtdir (96215a0097016318b5c526d804eec09f) C:\Windows\system32\DRIVERS\epfwtdir.sys
16:04:42.0304 1068 epfwtdir - ok
16:04:42.0319 1068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
16:04:42.0319 1068 ErrDev - ok
16:04:42.0351 1068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:04:42.0366 1068 exfat - ok
16:04:42.0382 1068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:04:42.0397 1068 fastfat - ok
16:04:42.0413 1068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:04:42.0413 1068 fdc - ok
16:04:42.0444 1068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:04:42.0444 1068 FileInfo - ok
16:04:42.0460 1068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:04:42.0460 1068 Filetrace - ok
16:04:42.0475 1068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:04:42.0475 1068 flpydisk - ok
16:04:42.0491 1068 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:04:42.0507 1068 FltMgr - ok
16:04:42.0522 1068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:04:42.0522 1068 FsDepends - ok
16:04:42.0569 1068 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:04:42.0569 1068 fssfltr - ok
16:04:42.0585 1068 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:04:42.0585 1068 Fs_Rec - ok
16:04:42.0616 1068 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:04:42.0616 1068 fvevol - ok
16:04:42.0647 1068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:04:42.0647 1068 gagp30kx - ok
16:04:42.0663 1068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:04:42.0663 1068 GEARAspiWDM - ok
16:04:42.0741 1068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:04:42.0741 1068 hcw85cir - ok
16:04:42.0772 1068 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:04:42.0772 1068 HDAudBus - ok
16:04:42.0787 1068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:04:42.0787 1068 HidBatt - ok
16:04:42.0803 1068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:04:49.0012 1068 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
16:04:49.0028 1068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:04:49.0028 1068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:04:49.0059 1068 Boot (0x1200) (f9e168c7833d8f0b4d57684c9efc6b82) \Device\Harddisk0\DR0\Partition0
16:04:49.0074 1068 \Device\Harddisk0\DR0\Partition0 - ok
16:04:49.0074 1068 Boot (0x1200) (6f94d7459efefb335b0dec175f5b1365) \Device\Harddisk0\DR0\Partition1
16:04:49.0074 1068 \Device\Harddisk0\DR0\Partition1 - ok
16:04:49.0074 1068 ============================================================
16:04:49.0074 1068 Scan finished
16:04:49.0074 1068 ============================================================
16:04:49.0090 1496 Detected object count: 1
16:04:49.0090 1496 Actual detected object count: 1
16:05:03.0672 1496 \Device\Harddisk0\DR0\# - copied to quarantine
16:05:03.0672 1496 \Device\Harddisk0\DR0 - copied to quarantine
16:05:03.0700 1496 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:05:03.0702 1496 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:05:03.0705 1496 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
16:05:03.0713 1496 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:05:03.0719 1496 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:05:03.0720 1496 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:05:03.0721 1496 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:05:03.0722 1496 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:05:03.0724 1496 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:05:03.0726 1496 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:05:03.0727 1496 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:05:03.0729 1496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:05:03.0730 1496 \Device\Harddisk0\DR0 - ok
16:05:03.0733 1496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:05:17.0617 0108 Deinitialize success

#6 Axel55

Axel55
  • Topic Starter

  • Members
  • 9 posts

Posted 17 February 2012 - 05:52 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-17 16:23:25
-----------------------------
16:23:25.641 OS Version: Windows x64 6.1.7600
16:23:25.641 Number of processors: 2 586 0xF02
16:23:25.656 ComputerName: BLANCA-PC UserName: Blanca
16:23:26.873 Initialize success
16:23:34.377 AVAST engine defs: 12021701
16:23:37.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:23:37.341 Disk 0 Vendor: SAMSUNG_HD322HJ 1AG01118 Size: 305245MB BusType: 3
16:23:37.372 Disk 0 MBR read successfully
16:23:37.372 Disk 0 MBR scan
16:23:37.372 Disk 0 Windows 7 default MBR code
16:23:37.434 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:23:37.450 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
16:23:37.465 Service scanning
16:23:38.932 Modules scanning
16:23:38.932 Disk 0 trace - called modules:
16:23:38.947 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
16:23:38.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8001aff220]
16:23:38.979 3 CLASSPNP.SYS[fffff880010f243f] -> nt!IofCallDriver -> [0xfffffa8000c5f670]
16:23:38.979 5 ACPI.sys[fffff88000f56781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8000c82060]
16:23:39.618 AVAST engine scan C:\Windows
16:23:55.296 AVAST engine scan C:\Windows\system32
16:28:26.151 AVAST engine scan C:\Windows\system32\drivers
16:28:36.759 AVAST engine scan C:\Users\Blanca
16:48:40.458 AVAST engine scan C:\ProgramData
16:49:58.972 Scan finished successfully
16:50:21.951 Disk 0 MBR has been saved successfully to "C:\Users\Blanca\Desktop\MBR.dat"
16:50:21.951 The log file has been saved successfully to "C:\Users\Blanca\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 February 2012 - 09:13 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

KillAll::

File::
c:\windows\system32\drivers\45000694.sys
c:\windows\system32\drivers\84598489.sys
c:\windows\system32\drivers\45143800.sys
c:\windows\system32\drivers\29282726.sys
c:\windows\system32\drivers\81878291.sys

Folder::
c:\program files (x86)\ConduitEngine
c:\program files (x86)\freecordertoolbar
c:\progra~2\Bandoo

Driver::
07736222
21487290
42637477
75751116


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Axel55

Axel55
  • Topic Starter

  • Members
  • 9 posts

Posted 17 February 2012 - 10:10 PM

My computer can finally run without blue screening, so it must have helped. I can see no problems now.
Here is the log:


ComboFix 12-02-16.02 - Blanca 17/02/2012 20:39:52.3.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1013.205 [GMT -6:00]
Running from: c:\users\Blanca\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\Blanca\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\29282726.sys"
"c:\windows\system32\drivers\45000694.sys"
"c:\windows\system32\drivers\45143800.sys"
"c:\windows\system32\drivers\81878291.sys"
"c:\windows\system32\drivers\84598489.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\Bandoo
c:\progra~2\Bandoo\BandooRes.dll
c:\progra~2\Bandoo\BndHook.dll
c:\progra~2\Bandoo\CrashRpt.dll
c:\progra~2\Bandoo\FFSettings.exe
c:\progra~2\Bandoo\FlashAnimator.dll
c:\progra~2\Bandoo\GIFAnimator.dll
c:\progra~2\Bandoo\INSTALL.LOG
c:\progra~2\Bandoo\InstallerHelper.dll
c:\progra~2\Bandoo\libungif4.dll
c:\progra~2\Bandoo\license.rtf
c:\progra~2\Bandoo\Plugins.ini
c:\progra~2\Bandoo\Plugins\AIM\Resources\HTML\blank.html
c:\progra~2\Bandoo\Plugins\AIM\Resources\HTML\error.html
c:\progra~2\Bandoo\Plugins\AIM\Resources\Toolbar\BandooToolbar.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lichen.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\mail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\modify-save.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modify.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\music.png
c:\program files (x86)\freecordertoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\freecordertoolbar\chrome\skin\news.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options_png
c:\program files (x86)\freecordertoolbar\chrome\skin\orange.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\pixsy.png
c:\program files (x86)\freecordertoolbar\chrome\skin\play_png
c:\program files (x86)\freecordertoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\freecordertoolbar\chrome\skin\protect-id.png
c:\program files (x86)\freecordertoolbar\chrome\skin\record_audio_png
c:\program files (x86)\freecordertoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-found.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rssback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\search-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\shopping.png
c:\program files (x86)\freecordertoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\technorati.png
c:\program files (x86)\freecordertoolbar\chrome\skin\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\translate.png
c:\program files (x86)\freecordertoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\tv_png
c:\program files (x86)\freecordertoolbar\chrome\skin\video_history_png
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.css
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.png
c:\program files (x86)\freecordertoolbar\chrome\skin\web.png
c:\program files (x86)\freecordertoolbar\chrome\skin\websearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yellow.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube.png
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube_png
c:\program files (x86)\freecordertoolbar\chrome\skin\zoom.png
c:\program files (x86)\freecordertoolbar\components\windowmediator.js
c:\program files (x86)\freecordertoolbar\install.ico
c:\program files (x86)\freecordertoolbar\manifest.xml
c:\program files (x86)\freecordertoolbar\partner.xml
c:\program files (x86)\freecordertoolbar\uninstall.exe
c:\program files (x86)\freecordertoolbar\vmntemplate.dll
c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
c:\windows\svchost.exe
c:\windows\system32\drivers\29282726.sys
c:\windows\system32\drivers\45000694.sys
c:\windows\system32\drivers\45143800.sys
c:\windows\system32\drivers\81878291.sys
c:\windows\system32\drivers\84598489.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_07736222
-------\Service_21487290
-------\Service_42637477
-------\Service_75751116
-------\Service_03391360
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 02:48 . 2012-02-18 02:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 00:49 . 2012-02-17 22:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-13 00:41 . 2012-02-13 00:41 -------- d-----w- c:\program files (x86)\61658
2012-02-09 00:01 . 2012-02-09 00:19 -------- d-----w- c:\users\Blanca\AppData\Roaming\gtk-2.0
2012-02-08 23:51 . 2012-02-09 00:22 -------- d-----w- c:\users\Blanca\.gimp-2.6
2012-02-08 23:50 . 2012-02-08 23:50 -------- d-----w- c:\program files (x86)\GIMP-2.0
2012-02-08 23:41 . 2012-02-08 23:41 -------- d-----w- c:\users\Blanca\.thumbnails
2012-02-08 23:40 . 2012-02-08 23:40 -------- d-----w- c:\program files\Blender Foundation
2012-02-05 22:50 . 2012-02-05 22:50 -------- d-----w- c:\windows\system32\Macromed
2012-01-26 20:52 . 2012-01-26 20:52 -------- d-----w- c:\program files (x86)\AIM Toolbar
2012-01-26 20:52 . 2012-01-26 20:52 -------- d-----w- c:\programdata\AIM Toolbar
2012-01-26 20:51 . 2012-01-26 20:51 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-01-26 20:51 . 2012-01-26 20:52 -------- d-----w- c:\users\Blanca\AppData\Roaming\acccore
2012-01-26 20:51 . 2012-01-26 20:51 -------- d-----w- c:\users\Blanca\AppData\Local\AIM
2012-01-26 20:51 . 2012-01-26 20:51 -------- d-----w- c:\users\Blanca\AppData\Local\AOL
2012-01-26 20:50 . 2012-01-26 20:50 -------- d-----w- c:\programdata\AIM
2012-01-26 20:50 . 2012-01-26 20:50 -------- d-----w- c:\program files (x86)\AIM
2012-01-26 20:50 . 2012-01-26 20:50 -------- d-----w- c:\program files (x86)\Common Files\AOL
2012-01-26 04:56 . 2012-02-05 22:54 -------- d-----w- c:\users\Blanca\AppData\Local\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 22:50 . 2011-06-02 01:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 21:24 . 2011-12-12 11:52 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 05:00 . 2011-12-14 00:19 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-09 21:05 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F56215D-B1DA-4DBE-A5B6-C66119C2BB51}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-17_03.26.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-18 02:53 35154 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-01-15 01:17 . 2012-02-05 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-15 01:17 . 2012-02-18 02:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-15 01:17 . 2012-02-05 22:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-15 01:17 . 2012-02-18 02:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-15 01:17 . 2012-02-05 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-15 01:17 . 2012-02-18 02:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-13 08:23 . 2012-02-18 02:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-13 08:23 . 2012-02-10 03:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-13 08:23 . 2012-02-18 02:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-13 08:23 . 2012-02-10 03:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-13 08:22 . 2012-02-18 02:53 9818 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1696579709-3731510357-1250199668-1000_UserData.bin
+ 2012-02-18 02:49 . 2012-02-18 02:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-17 03:26 . 2012-02-17 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-18 02:49 . 2012-02-18 02:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-17 03:26 . 2012-02-17 03:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-15 2292672]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-06 1242448]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
eBook USB Driver.lnk - c:\program files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe [2010-1-14 36864]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2008-06-11 468224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-04-08 44480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 01:42]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-11 01:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-11 8114720]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-11 1910016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF32557.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Blanca\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Blanca\AppData\Roaming\Mozilla\Firefox\Profiles\u6chgggi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20120126205143896&tb_oid=26-01-2012&tb_mrud=26-01-2012
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20120126205143896&tb_oid=26-01-2012&tb_mrud=26-01-2012&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
Toolbar-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-Bandoo - c:\program files (x86)\Bandoo\PreUninstall.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1696579709-3731510357-1250199668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1696579709-3731510357-1250199668-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f5,9c,26,fc,88,d1,d1,ac,90,6c,43,42,34,41,34,db,46,01,27,8a,26,
bb,64,7e,e0,61,ec,fc,84,b1,e7,48,15,09,6a,93,3b,ad,90,bd,e2,18,f9,ac,d9,6d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000000
"ProductCode"="{8DF6101A-F41C-44C6-BB7F-3325CF425031}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="3.0.667.0"
"UniqueId"="0002BEFA4B4E149C"
"ScannerBuild"=dword:00000bcb
"ScannerVersionId"=dword:00000c78
"ScannerVersion"=""
"ei2"=hex(B):fc,a6,57,6a,e8,01,c6,b2
"ei1"=hex(B):00,19,d1,6c,6d,65,00,00
"ei3"=hex(B):ab,30,52,4e,00,00,00,00
"ei4"=dword:00000006
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f5,9c,26,fc,88,d1,d1,ac,90,6c,43,42,34,41,34,db,46,01,27,8a,26,
bb,64,7e,e0,61,ec,fc,84,b1,e7,48,15,09,6a,93,3b,ad,90,bd,e2,18,f9,ac,d9,6d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\HP\HP Software Update\HPWUCli.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
.
Completion time: 2012-02-17 21:06:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 03:06
ComboFix2.txt 2012-02-17 03:31
.
Pre-Run: 201,772,060,672 bytes free
Post-Run: 201,686,265,856 bytes free
.
- - End Of File - - 34B7DE4D10C2E6E08C54D77FE2A1DAE5

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:03 PM

Posted 17 February 2012 - 10:30 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.4.5
µTorrent
Bandoo
BitTorrent
Complitly
Freecorder 5
Freecorder Toolbar
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Axel55

Axel55
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:03 PM

Posted 17 February 2012 - 11:43 PM

My computer is kinda slow but better.
here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.13.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Blanca :: BLANCA-PC [administrator]

17/02/2012 22:36:54
mbam-log-2012-02-17 (22-36-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191494
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 Axel55

Axel55
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:03 PM

Posted 17 February 2012 - 11:47 PM

here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:34, on 17/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
O3 - Toolbar: AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Blanca\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11699 bytes

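The HijackThis log above is a plain-text format that a responder normally reads by eye. As an added example (my own code, not HijackThis, Trend Micro or anything posted in this thread), the Python below parses the O2 (BHO), O4 (Run-key and Startup-folder autostarts) and O23 (service) lines into structured records, splits each command line into image path and arguments (quoted paths versus unquoted paths containing spaces, such as "C:\Program Files (x86)\..."), expands the abbreviated "HKLM\..\Run" notation to the full registry key, and flags the entries a responder looks at first: orphaned entries marked "(file missing)", images running from user-writable locations, and services with no publisher. The sample lines are constructed from the log above plus one made-up AppData autorun entry (not from this thread) to exercise the user-writable check.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in HijackThis 2.0.4 log format: a few of the lines from
# the log above plus one made-up HKCU Run entry under AppData (not from the
# thread) to exercise the user-writable-location check.
SAMPLE_LOG = r"""
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKCU\..\Run: [example_updater] C:\Users\Example\AppData\Roaming\example_updater.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion"
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O4_DIR = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
O2_BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O23_SVC = re.compile(r"^O23 - Service: (.+?)(?: \(([^()]+)\))? - (.+?) - (.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|ocx|scr|com|bat|cmd))(?:\s+(.*))?$", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|local settings)\\", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str               # HijackThis section: O2, O4 or O23
    location: str              # registry key, startup folder, service key or CLSID
    name: str
    path: str                  # image path with quotes and arguments removed
    args: str = ""
    owner: str = ""            # service publisher (O23 only)
    file_missing: bool = False
    flags: List[str] = field(default_factory=list)


def strip_missing(tail: str) -> Tuple[str, bool]:
    """Remove HijackThis's '(file missing)' marker and report whether it was present."""
    tail = tail.strip()
    if tail.endswith(MISSING):
        return tail[: -len(MISSING)].strip(), True
    return tail, False


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command line into (image path, arguments).

    Quoted paths end at the closing quote; unquoted ones with embedded spaces
    ("C:\\Program Files (x86)\\...") end at the first executable extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    return cmd, ""


def assess(e: Entry) -> List[str]:
    """Defender-side checks a responder applies to each autostart entry."""
    flags = []
    if e.file_missing:
        flags.append("file missing (orphaned entry)")
    if USER_WRITABLE.search(e.path):
        flags.append("image in user-writable location")
    if e.section == "O23" and e.owner.lower() == "unknown owner":
        flags.append("service with no publisher info")
    return flags


def parse_hjt(text: str) -> List[Entry]:
    """Turn O2/O4/O23 lines into Entry records; other sections are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_REG.match(line):
            hive, key, name, cmd = m.groups()
            cmd, missing = strip_missing(cmd)
            path, args = split_command(cmd)
            entries.append(Entry("O4", f"{hive}\\{RUN_KEY}\\{key}", name, path, args, file_missing=missing))
        elif m := O4_DIR.match(line):
            folder, name, cmd = m.groups()
            cmd, missing = strip_missing(cmd)
            path, args = split_command(cmd)
            entries.append(Entry("O4", folder, name, path, args, file_missing=missing))
        elif m := O2_BHO.match(line):
            name, clsid, tail = m.groups()
            path, missing = strip_missing(tail)
            entries.append(Entry("O2", clsid, name, path, file_missing=missing))
        elif m := O23_SVC.match(line):
            display, short, owner, tail = m.groups()
            path, missing = strip_missing(tail)
            key = f"HKLM\\SYSTEM\\CurrentControlSet\\Services\\{short or display}"
            entries.append(Entry("O23", key, display, path, owner=owner, file_missing=missing))
    for e in entries:
        e.flags = assess(e)
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Entries worth a second look before deciding what to 'Fix Checked'."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section} {e.name!r} -> {e.path}  [{'; '.join(e.flags)}]")
```

The flags are prompts to verify, not verdicts. In particular, the many "(file missing)" O23 entries for built-in Windows services in the log above (ALG, EFS, Spooler and so on) are expected on this 64-bit system: HijackThis 2.0.4 is a 32-bit program, so file-system redirection hides the 64-bit System32 from it, and the "Unknown owner" comes from the display names being resource references (@...dll,-NNN) that the tool does not resolve. The user-writable-location check, on the other hand, is the one that most often separates a legitimate vendor autostart under Program Files from something dropped into a profile.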
#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:03 PM

Posted 18 February 2012 - 12:11 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; for any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
      O4 - Global Startup: eBook USB Driver.lnk = C:\Program Files (x86)\eBook Technologies\eBook USB Driver\TrayEBU.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 Axel55

Axel55
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:03 PM

Posted 18 February 2012 - 05:17 PM

I'm not sure if this is the right log but these are the results:

C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application
C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application
C:\ProgramData\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\Win7codecs.msi multiple threats
C:\Qoobox\Quarantine\C\Program Files (x86)\Bandoo\Plugins\IE\iePLugin.dll.vir a variant of Win32/Adware.Bandoo.AA application
C:\Qoobox\Quarantine\C\PROGRA~2\Bandoo\InstallerHelper.dll.vir a variant of Win32/Adware.Bandoo.AA application
C:\Qoobox\Quarantine\C\PROGRA~2\Bandoo\Plugins\Yahoo\YahooPlugin.dll.vir a variant of Win32/Adware.Bandoo.AA application
C:\TDSSKiller_Quarantine\17.02.2012_16.04.34\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYG trojan
C:\TDSSKiller_Quarantine\17.02.2012_16.04.34\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\Users\All Users\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\Win7codecs.msi multiple threats
C:\Users\Blanca\Desktop\Downloads\cnet_RPG Maker XP_zip.exe a variant of Win32/InstallCore.D application
C:\Users\Blanca\Desktop\Downloads\FileExtensionFinder-1.0.exe Win32/Toolbar.Zugo application
C:\Users\Blanca\Desktop\Downloads\gamebooster.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Blanca\Desktop\Downloads\Maya 2011.rar a variant of Win32/Keygen.BL application
C:\Users\Blanca\Desktop\Downloads\Maya 2011\Maya 2011\AutoDesk MAYA 2011.iso a variant of Win32/Keygen.BL application
C:\Windows\Installer\6aff7.msi multiple threats
C:\Windows\Setup\SCRIPTS\Activation Report.exe a variant of Win32/HiddenStart.A application

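The ESET Online Scanner results above are one line per finding, "path" followed by the detection name, and the path may contain spaces. A responder sorts them before acting: findings under the cleanup tools' own quarantine folders (ComboFix keeps its backups in C:\Qoobox\Quarantine, TDSSKiller in C:\TDSSKiller_Quarantine, and System Restore's cache lives in C:\System Volume Information) are already neutralised copies, while the rest are live files. As an added example (my own code, not ESET's and not from this thread), the Python below parses those lines, folds the "C:\Users\All Users" junction onto C:\ProgramData (on Vista and 7 they are the same directory, so the two Win7codecs.msi findings are one file), separates quarantine backups from live files, and builds a batch file of the same shape as the "delfile.bat" approach used in this thread for the live files only. The sample lines are a constructed subset of the results posted above; the `/s` switch is left out because every path is given in full.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the ESET Online Scanner result lines posted
# above, in the scanner's "<path> <detection>" text format.
SAMPLE_RESULTS = r"""
C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe Win32/Packed.Autoit.E.Gen application
C:\ProgramData\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\Win7codecs.msi multiple threats
C:\Qoobox\Quarantine\C\PROGRA~2\Bandoo\InstallerHelper.dll.vir a variant of Win32/Adware.Bandoo.AA application
C:\TDSSKiller_Quarantine\17.02.2012_16.04.34\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYG trojan
C:\Users\All Users\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\Win7codecs.msi multiple threats
C:\Users\Blanca\Desktop\Downloads\Maya 2011.rar a variant of Win32/Keygen.BL application
C:\Windows\Setup\SCRIPTS\Activation Report.exe a variant of Win32/HiddenStart.A application
"""

# The path is everything before a recognisable detection tail; a lazy match
# stops at the first position where the rest of the line is a detection.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+ "
    r"(?:application|trojan|worm|virus|backdoor)|multiple threats)$"
)

# Folders that hold backups made by the cleanup tools rather than live files.
QUARANTINE_PREFIXES = (
    "C:\\Qoobox\\Quarantine\\",            # ComboFix backups
    "C:\\TDSSKiller_Quarantine\\",         # TDSSKiller backups
    "C:\\System Volume Information\\",     # System Restore cache
)
ALL_USERS_ALIAS = "C:\\Users\\All Users\\"  # junction to C:\ProgramData on Vista/7


@dataclass
class Finding:
    path: str
    detection: str
    severity: str     # "malware" or "PUA" (ESET's "... application" suffix)
    category: str     # "live file" or "quarantine backup"


def normalize(path: str) -> str:
    """Map the All Users junction onto ProgramData so duplicates collapse."""
    if path.lower().startswith(ALL_USERS_ALIAS.lower()):
        return "C:\\ProgramData\\" + path[len(ALL_USERS_ALIAS):]
    return path


def triage(text: str) -> List[Finding]:
    """Parse result lines, de-duplicate by path, and classify each finding."""
    seen = set()
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised result line: {line}")
        path = normalize(m.group("path"))
        key = path.lower()
        if key in seen:
            continue
        seen.add(key)
        detection = m.group("detection")
        in_quarantine = key.startswith(tuple(p.lower() for p in QUARANTINE_PREFIXES))
        severity = "PUA" if detection.endswith(" application") else "malware"
        findings.append(Finding(path, detection,
                                severity,
                                "quarantine backup" if in_quarantine else "live file"))
    return findings


def delete_script(findings: List[Finding]) -> str:
    """Batch file that removes only the live files; backups are left to the tools' own cleanup."""
    lines = ["@echo off"]
    for f in findings:
        if f.category == "live file":
            lines.append(f'del /f /q "{f.path}"')
    lines.append("del %0")   # the batch file removes itself, as in the thread's version
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_RESULTS)
    for f in results:
        print(f"{f.category:17} {f.severity:7} {f.path}  <- {f.detection}")
    print(delete_script(results))
```

Keeping the quarantine backups out of the delete list matters because those folders are what the tools use to undo a bad removal; they are cleaned up at the end, once the machine is confirmed healthy, by the tools' own uninstall step rather than by hand.
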
#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:03 PM

Posted 18 February 2012 - 08:55 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe"
    del /f /s /q "C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe"
    del /f /s /q "C:\ProgramData\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\Win7codecs.msi"
    del /f /s /q "C:\Users\All Users\Win7codecs\{9358A3E1-C79C-4A76-86C8-383E19BB2346}\Win7codecs.msi"
    del /f /s /q "C:\Users\Blanca\Desktop\Downloads\cnet_RPG Maker XP_zip.exe"
    del /f /s /q "C:\Users\Blanca\Desktop\Downloads\FileExtensionFinder-1.0.exe"
    del /f /s /q "C:\Users\Blanca\Desktop\Downloads\gamebooster.exe"
    del /f /s /q "C:\Users\Blanca\Desktop\Downloads\Maya 2011.rar"
    del /f /s /q "C:\Users\Blanca\Desktop\Downloads\Maya 2011\Maya 2011\AutoDesk MAYA 2011.iso"
    del /f /s /q "C:\Windows\Installer\6aff7.msi"
    del /f /s /q "C:\Windows\Setup\SCRIPTS\Activation Report.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (screenshot for XP) (screenshot for Vista)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University
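A defender-side alternative to the delfile.bat step in the post above, added here as an example and not code from the thread or any BleepingComputer tool: instead of deleting outright, it moves each listed file into a quarantine folder and records its SHA-256 in a manifest, so the removal can be audited or undone if a detection turns out to be a false positive. The quarantine folder name is an assumption; the file list is a subset of the one in the post.

```python
"""Quarantine-before-delete helper (added example, not from the thread).
Moves each listed file into a quarantine folder and records path + SHA-256
in a manifest, so the delfile.bat action becomes auditable and reversible."""
import hashlib
import json
import shutil
from pathlib import Path

# Subset of the file list from the post's delfile.bat.
SUSPECT_FILES = [
    r"C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe",
    r"C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe",
    r"C:\Windows\Setup\SCRIPTS\Activation Report.exe",
]
QUARANTINE_DIR = r"C:\Quarantine"  # assumed location, not from the post


def sha256_of(path: Path) -> str:
    """Hash in chunks so a large ISO or RAR does not load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(paths, quarantine_dir=QUARANTINE_DIR):
    """Move each existing file in `paths` into quarantine_dir and return
    the manifest entries (original path, SHA-256, new location, status)."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for raw in paths:
        src = Path(raw)
        if not src.is_file():
            manifest.append({"original": raw, "status": "not found"})
            continue
        digest = sha256_of(src)
        # Hash prefix keeps identically named files from colliding; moving
        # rather than deleting preserves the sample for later analysis.
        dest = qdir / f"{digest[:16]}_{src.name}"
        shutil.move(str(src), str(dest))
        manifest.append({"original": raw, "sha256": digest,
                         "quarantined_as": str(dest), "status": "moved"})
    (qdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

if __name__ == "__main__":
    for entry in quarantine(SUSPECT_FILES):
        print(entry["status"], entry["original"])
```

Once the machine has stayed clean for a while, the quarantine folder can be deleted; until then the manifest shows exactly what was removed and where it came from.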

#15 Axel55
  • Topic Starter

  • Members
  • 9 posts

Posted 18 February 2012 - 11:37 PM

Thank you for all the help. You have been very helpful. Everything is fine now. My family and I are very grateful.



