
Possible zeroaccess rootkit


  • This topic is locked
22 replies to this topic

#1 doggypeg


  • Members
  • 42 posts

Posted 24 June 2012 - 10:38 PM

I was getting shut down by BSODs. When I removed McAfee the BSODs seemed to stop. When I installed Microsoft Security Essentials, they started again. I removed MSE and I haven't had any problems (except slow booting?) but I do not have any security.

I originally posted the problem in windows xp forum (http://www.bleepingcomputer.com/forums/topic454488.html/page__p__2707152__fromsearch__1#entry2707152) (blue screen/invalid process detach attempt). There are several dump reports copied there.
Here are the results of the scans suggested in the Am I Infected forum.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Rob at 21:54:40 on 2012-06-24
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{700D4181-56F1-40BE-8204-868F68E01E89} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\p7oolroo.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-25 01:33:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 01:57:01 -------- d-----w- c:\documents and settings\rob\application data\Malwarebytes
2012-06-21 01:56:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 01:56:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 21:16:51 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-09 17:44:15 215920 ----a-w- c:\windows\system32\muweb.dll
2012-06-09 17:44:14 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-06-09 17:44:14 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-08 18:48:23 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-08 17:42:23 -------- d-----w- c:\documents and settings\rob\local settings\application data\ApplicationHistory
2012-06-08 17:35:50 -------- dc-h--w- c:\windows\ie8
2012-06-08 17:20:21 -------- d-----w- c:\documents and settings\rob\application data\vmntemplate
2012-06-08 17:08:20 -------- d-----w- C:\mfe
.
==================== Find3M ====================
.
2012-06-25 01:49:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 15:44:37 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 02:13:11 3993600 ----a-w- c:\program files\GUT9.tmp
2012-03-31 02:11:25 3993600 ----a-w- c:\program files\GUT8.tmp
2012-03-31 02:09:35 3993600 ----a-w- c:\program files\GUT7.tmp
2012-03-31 02:07:51 3993600 ----a-w- c:\program files\GUT4.tmp
2012-03-31 02:06:04 3993600 ----a-w- c:\program files\GUT6.tmp
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x89A83A2E]<<
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x89a86180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x89a86178]; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A9A7AB8]
\Driver\Disk[0x8A9AAA08] -> IRP_MJ_READ -> 0x89A83A2E
kernel: MBR read successfully
_asm { XOR EAX, EAX; MOV DS, AX; NOP ; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89A840AE
\Driver\atapi -> 0x89a83f76
IoDeviceObjectType -> ParseProcedure -> 0x89a8320c
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x89a8320c
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21:55:43.40 ===============


I got an error message trying to attach the gmer log. I am going to try and attach it in a new message.
Rob

Attached Files

  • ark.txt (12.88KB, 1 download)
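As an added example (not part of the original post, and not code from DDS, gmer or ComboFix), a small Python triage script for the log format pasted above: it splits the DDS sections, extracts the BHO/toolbar/run entries and flags the "No File" orphans and third-party toolbars, and reads the gmer ROOTKIT section for the user/kernel MBR mismatch and driver hooks that a malware-response helper reacts to first. The sample log is constructed from a few lines of the post; the "escalate" verdict and the toolbar heuristic are this example's own conventions.

```python
"""Triage helper for a pasted DDS log (Pseudo HJT and ROOTKIT sections).

Added example for this thread; not part of the original post and not code
from the DDS or gmer tools.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample modelled on the log in the post above (same line
# formats, a handful of its entries); not the full log.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - c:\program files\bflixtoolbar\vmntemplateX.dll
mRun: [RTHDCPL] RTHDCPL.EXE
.
=================== ROOTKIT ====================
.
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89A840AE
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x89a8320c
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
.
============= FINISH: 21:55:43.40 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")                      # "===== Name ====="
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<rest>.+)$")    # "BHO: ...", "mRun: ..."
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<path>.*)$")      # "[Name] command line"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class HjtEntry:
    kind: str        # BHO, TB, uRun, mRun, ...
    name: str
    clsid: str       # lower-cased; empty for Run entries
    path: str
    orphaned: bool   # DDS prints "No File" when the registered target is gone


@dataclass
class RootkitFindings:
    user_mbr_read_failed: bool = False   # user-mode read of the MBR was blocked
    mbr_mismatch: bool = False           # gmer: "user != kernel MBR"
    hooks: List[Tuple[str, str]] = field(default_factory=list)  # (object, target address)
    warnings: List[str] = field(default_factory=list)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under their '=== Name ===' banner; drop the '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).upper()
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def parse_hjt(lines: List[str]) -> List[HjtEntry]:
    """Parse 'Kind: Name: {CLSID} - path' and 'mRun: [Name] command' lines."""
    entries: List[HjtEntry] = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # e.g. "uStart Page = ..."
        kind, rest = m.group("kind"), m.group("rest")
        run = RUN_RE.match(rest)
        if run:                           # autostart entry: [Name] command line
            entries.append(HjtEntry(kind, run.group("name"), "", run.group("path"), False))
            continue
        head, _, path = rest.rpartition(" - ")
        if not head:                      # no " - " separator at all
            head, path = rest, ""
        clsid_m = CLSID_RE.search(head)
        clsid = clsid_m.group(0).lower() if clsid_m else ""
        name = head[:clsid_m.start()].rstrip(": ").strip() if clsid_m else head
        entries.append(HjtEntry(kind, name or clsid, clsid, path.strip(),
                                path.strip().lower() == "no file"))
    return entries


def parse_rootkit(lines: List[str]) -> RootkitFindings:
    """Pull the gmer MBR comparison and hook list out of the ROOTKIT section."""
    f = RootkitFindings()
    in_hooks = False
    for line in lines:
        low = line.lower()
        if low.startswith("user:") and "error" in low:
            f.user_mbr_read_failed = True
        elif "user != kernel mbr" in low:
            f.mbr_mismatch = True
        elif low.startswith("warning:") or "rootkit infection detected" in low:
            f.warnings.append(line)
        elif low.startswith("detected hooks:"):
            in_hooks = True
        elif in_hooks and " -> " in line:
            parts = [p.strip() for p in line.split(" -> ")]
            f.hooks.append((parts[0], parts[-1]))   # object hooked, final target address
    return f


def triage(text: str) -> Dict[str, object]:
    """Summarise what to look at first; 'escalate' means a bootkit is indicated."""
    sections = split_sections(text)
    entries = parse_hjt(sections.get("PSEUDO HJT REPORT", []))
    rk = parse_rootkit(sections.get("ROOTKIT", []))
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "toolbars": [e for e in entries if e.kind == "TB" or "toolbar" in e.name.lower()],
        "rootkit": rk,
        "escalate": rk.mbr_mismatch or bool(rk.hooks),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("orphaned", "toolbars"):
        print(key, [(e.kind, e.name, e.path) for e in result[key]])
    print("rootkit:", result["rootkit"], "escalate:", result["escalate"])
```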



#2 doggypeg

  • Topic Starter

  • Members
  • 42 posts

Posted 24 June 2012 - 10:42 PM

Continuation from the last post. The error was mine. The log is attached.
Thanks for your help.

Attached Files



#3 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 11:33 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 doggypeg

  • Topic Starter

  • Members
  • 42 posts

Posted 26 June 2012 - 09:38 PM

Gringo--Thanks for helping. I'm pasting in the 2 logs you requested. During the combofix I got a pop-up from Visual Studio Just-in-time debugger saying there was an unhandled win32 exception that occurred in explorer.exe[356] and asking me if I wanted to debug. I said no.
The only problem I have right now (other than working with no anti-virus program) is an excessively long time to boot up. No bsods.
Here are the logs:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Virtual Technician
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 25
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 10.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````



ComboFix 12-06-26.02 - Rob 06/26/2012 22:15:53.1.2 - x86
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\documents and settings\All Users\Documents\~WRL0004.tmp
c:\documents and settings\All Users\Documents\~WRL2532.tmp
c:\documents and settings\Nathan\WINDOWS
c:\documents and settings\Rob\Application Data\bflixtoolbar
c:\documents and settings\Rob\Application Data\bflixtoolbar\dtx.ini
c:\documents and settings\Rob\Application Data\bflixtoolbar\guid.dat
c:\documents and settings\Rob\Application Data\bflixtoolbar\preferences.dat
c:\documents and settings\Rob\Application Data\bflixtoolbar\stats.dat
c:\documents and settings\Rob\Application Data\bflixtoolbar\uninstallIE.dat
c:\documents and settings\Rob\Application Data\bflixtoolbar\version.xml
c:\documents and settings\Rob\GoToAssistDownloadHelper.exe
c:\program files\bflixtoolbar
c:\program files\bflixtoolbar\chrome\content\lib\about.xml
c:\program files\bflixtoolbar\chrome\content\lib\dtxpanel.xul
c:\program files\bflixtoolbar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\bflixtoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files\bflixtoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files\bflixtoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\bflixtoolbar\chrome\content\lib\dtxwin.xul
c:\program files\bflixtoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\bflixtoolbar\chrome\content\lib\external.js
c:\program files\bflixtoolbar\chrome\content\lib\neterror.xhtml
c:\program files\bflixtoolbar\chrome\content\lib\rsspreview.html
c:\program files\bflixtoolbar\chrome\content\lib\rsswin.xml
c:\program files\bflixtoolbar\chrome\content\lib\rsswin.xsl
c:\program files\bflixtoolbar\chrome\content\lib\vmncode.js
c:\program files\bflixtoolbar\chrome\content\lib\wmpstreamer.html
c:\program files\bflixtoolbar\chrome\content\modules\datastore.jsm
c:\program files\bflixtoolbar\chrome\content\modules\nsDragAndDrop.js
c:\program files\bflixtoolbar\chrome\content\neterror.xhtml
c:\program files\bflixtoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files\bflixtoolbar\chrome\content\newtab\images\bullet.gif
c:\program files\bflixtoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files\bflixtoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files\bflixtoolbar\chrome\content\newtab\newtab.html
c:\program files\bflixtoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files\bflixtoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files\bflixtoolbar\chrome\content\preferences.xml
c:\program files\bflixtoolbar\chrome\content\template.xml
c:\program files\bflixtoolbar\chrome\content\toolbar.htm
c:\program files\bflixtoolbar\chrome\content\toolbar.xul
c:\program files\bflixtoolbar\chrome\content\vmncode.js
c:\program files\bflixtoolbar\chrome\content\vmnrsswin.xml
c:\program files\bflixtoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files\bflixtoolbar\chrome\data\product.xml
c:\program files\bflixtoolbar\chrome\data\rss\rss.xml
c:\program files\bflixtoolbar\chrome\data\search\engines.xml
c:\program files\bflixtoolbar\chrome\data\search\search.xsl
c:\program files\bflixtoolbar\chrome\data\weather\icons.xml
c:\program files\bflixtoolbar\chrome\skin\1x1_png
c:\program files\bflixtoolbar\chrome\skin\1x1_white_png
c:\program files\bflixtoolbar\chrome\skin\about.gif
c:\program files\bflixtoolbar\chrome\skin\about_logo.png
c:\program files\bflixtoolbar\chrome\skin\arcade_png
c:\program files\bflixtoolbar\chrome\skin\babylon_logo.png
c:\program files\bflixtoolbar\chrome\skin\bflix_logo_png
c:\program files\bflixtoolbar\chrome\skin\blank_png
c:\program files\bflixtoolbar\chrome\skin\bluelite.gif
c:\program files\bflixtoolbar\chrome\skin\bluesky.gif
c:\program files\bflixtoolbar\chrome\skin\btn-search-over.png
c:\program files\bflixtoolbar\chrome\skin\btn-search.png
c:\program files\bflixtoolbar\chrome\skin\btn-settings-over.png
c:\program files\bflixtoolbar\chrome\skin\btn-settings.png
c:\program files\bflixtoolbar\chrome\skin\btn-widgets-over.png
c:\program files\bflixtoolbar\chrome\skin\btn-widgets.png
c:\program files\bflixtoolbar\chrome\skin\btn_settings.png
c:\program files\bflixtoolbar\chrome\skin\ca.png
c:\program files\bflixtoolbar\chrome\skin\dictionary.png
c:\program files\bflixtoolbar\chrome\skin\divider.png
c:\program files\bflixtoolbar\chrome\skin\downloadcom.png
c:\program files\bflixtoolbar\chrome\skin\dtxlogo.png
c:\program files\bflixtoolbar\chrome\skin\email.png
c:\program files\bflixtoolbar\chrome\skin\email_on.png
c:\program files\bflixtoolbar\chrome\skin\facebook.png
c:\program files\bflixtoolbar\chrome\skin\facebook_png
c:\program files\bflixtoolbar\chrome\skin\games.png
c:\program files\bflixtoolbar\chrome\skin\Games_png
c:\program files\bflixtoolbar\chrome\skin\graphna.png
c:\program files\bflixtoolbar\chrome\skin\graphred0.png
c:\program files\bflixtoolbar\chrome\skin\graphred0_5.png
c:\program files\bflixtoolbar\chrome\skin\graphred1.png
c:\program files\bflixtoolbar\chrome\skin\graphred1_5.png
c:\program files\bflixtoolbar\chrome\skin\graphred2.png
c:\program files\bflixtoolbar\chrome\skin\graphred2_5.png
c:\program files\bflixtoolbar\chrome\skin\graphred3.png
c:\program files\bflixtoolbar\chrome\skin\graphred3_5.png
c:\program files\bflixtoolbar\chrome\skin\graphred4.png
c:\program files\bflixtoolbar\chrome\skin\graphred4_5.png
c:\program files\bflixtoolbar\chrome\skin\graphred5.png
c:\program files\bflixtoolbar\chrome\skin\graphredna.png
c:\program files\bflixtoolbar\chrome\skin\grey.gif
c:\program files\bflixtoolbar\chrome\skin\ico-shield.png
c:\program files\bflixtoolbar\chrome\skin\images.png
c:\program files\bflixtoolbar\chrome\skin\lfg_smll_png
c:\program files\bflixtoolbar\chrome\skin\lib\add.png
c:\program files\bflixtoolbar\chrome\skin\lib\alexabutton.css
c:\program files\bflixtoolbar\chrome\skin\lib\aol.png
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-right.gif
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-up.gif
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files\bflixtoolbar\chrome\skin\lib\blank.gif
c:\program files\bflixtoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\btn-widgets.png
c:\program files\bflixtoolbar\chrome\skin\lib\btn_slider.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnback-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnright-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\button-splitter.png
c:\program files\bflixtoolbar\chrome\skin\lib\checkmark.png
c:\program files\bflixtoolbar\chrome\skin\lib\chevron.png
c:\program files\bflixtoolbar\chrome\skin\lib\collapse.png
c:\program files\bflixtoolbar\chrome\skin\lib\comcast.png
c:\program files\bflixtoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files\bflixtoolbar\chrome\skin\lib\dtx-test.css
c:\program files\bflixtoolbar\chrome\skin\lib\dtx.css
c:\program files\bflixtoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files\bflixtoolbar\chrome\skin\lib\edit-back.png
c:\program files\bflixtoolbar\chrome\skin\lib\embarq.png
c:\program files\bflixtoolbar\chrome\skin\lib\expand.png
c:\program files\bflixtoolbar\chrome\skin\lib\fast.png
c:\program files\bflixtoolbar\chrome\skin\lib\found.png
c:\program files\bflixtoolbar\chrome\skin\lib\gmail.png
c:\program files\bflixtoolbar\chrome\skin\lib\gripper.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_blue.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_lime.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files\bflixtoolbar\chrome\skin\lib\hotmail.png
c:\program files\bflixtoolbar\chrome\skin\lib\ico-check.png
c:\program files\bflixtoolbar\chrome\skin\lib\imap.png
c:\program files\bflixtoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\bflixtoolbar\chrome\skin\lib\launchers.css
c:\program files\bflixtoolbar\chrome\skin\lib\loadingMid.gif
c:\program files\bflixtoolbar\chrome\skin\lib\lock.png
c:\program files\bflixtoolbar\chrome\skin\lib\logo-separator.png
c:\program files\bflixtoolbar\chrome\skin\lib\mailcom.png
c:\program files\bflixtoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files\bflixtoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files\bflixtoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemleft.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\minus.gif
c:\program files\bflixtoolbar\chrome\skin\lib\modify.png
c:\program files\bflixtoolbar\chrome\skin\lib\move.gif
c:\program files\bflixtoolbar\chrome\skin\lib\movetarget.png
c:\program files\bflixtoolbar\chrome\skin\lib\newsitem.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\main.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\bflixtoolbar\chrome\skin\lib\panels\footer.htm
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\games.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\scroll.png
c:\program files\bflixtoolbar\chrome\skin\lib\plus.gif
c:\program files\bflixtoolbar\chrome\skin\lib\pop.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\track.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files\bflixtoolbar\chrome\skin\lib\rank0.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank0_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank1.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank1_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank2.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank2_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank3.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank3_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank4.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank4_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rankna.png
c:\program files\bflixtoolbar\chrome\skin\lib\reload.png
c:\program files\bflixtoolbar\chrome\skin\lib\remove.png
c:\program files\bflixtoolbar\chrome\skin\lib\rename.gif
c:\program files\bflixtoolbar\chrome\skin\lib\resize-box.gif
c:\program files\bflixtoolbar\chrome\skin\lib\rss.png
c:\program files\bflixtoolbar\chrome\skin\lib\rsschannelback.png
c:\program files\bflixtoolbar\chrome\skin\lib\RSSLogo.png
c:\program files\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files\bflixtoolbar\chrome\skin\lib\scroll-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\scroll-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\search-go.png
c:\program files\bflixtoolbar\chrome\skin\lib\search.png
c:\program files\bflixtoolbar\chrome\skin\lib\separator.png
c:\program files\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files\bflixtoolbar\chrome\skin\lib\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\template.html
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\template.xml
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files\bflixtoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton.css
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files\bflixtoolbar\chrome\skin\lichen.gif
c:\program files\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files\bflixtoolbar\chrome\skin\logo-about.png
c:\program files\bflixtoolbar\chrome\skin\logo-over.png
c:\program files\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files\bflixtoolbar\chrome\skin\logo.png
c:\program files\bflixtoolbar\chrome\skin\mail.png
c:\program files\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files\bflixtoolbar\chrome\skin\modify-save.png
c:\program files\bflixtoolbar\chrome\skin\modify.png
c:\program files\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files\bflixtoolbar\chrome\skin\music.png
c:\program files\bflixtoolbar\chrome\skin\music_png
c:\program files\bflixtoolbar\chrome\skin\Myspace_png
c:\program files\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files\bflixtoolbar\chrome\skin\news.png
c:\program files\bflixtoolbar\chrome\skin\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options-search.png
c:\program files\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files\bflixtoolbar\chrome\skin\orange.gif
c:\program files\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files\bflixtoolbar\chrome\skin\pixsy.png
c:\program files\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files\bflixtoolbar\chrome\skin\protect-id.png
c:\program files\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files\bflixtoolbar\chrome\skin\rss-found.png
c:\program files\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files\bflixtoolbar\chrome\skin\rss.png
c:\program files\bflixtoolbar\chrome\skin\rssback.gif
c:\program files\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files\bflixtoolbar\chrome\skin\search-over.png
c:\program files\bflixtoolbar\chrome\skin\search.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\bflixtoolbar\chrome\skin\settings.png
c:\program files\bflixtoolbar\chrome\skin\shopping.png
c:\program files\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files\bflixtoolbar\chrome\skin\skin.xml
c:\program files\bflixtoolbar\chrome\skin\technorati.png
c:\program files\bflixtoolbar\chrome\skin\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files\bflixtoolbar\chrome\skin\translate.png
c:\program files\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files\bflixtoolbar\chrome\skin\tv_png
c:\program files\bflixtoolbar\chrome\skin\twitter_png
c:\program files\bflixtoolbar\chrome\skin\vmn.css
c:\program files\bflixtoolbar\chrome\skin\vmn.png
c:\program files\bflixtoolbar\chrome\skin\Weather_png
c:\program files\bflixtoolbar\chrome\skin\web.png
c:\program files\bflixtoolbar\chrome\skin\websearch.png
c:\program files\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files\bflixtoolbar\chrome\skin\yellow.gif
c:\program files\bflixtoolbar\chrome\skin\youtube.png
c:\program files\bflixtoolbar\chrome\skin\zoom.png
c:\program files\bflixtoolbar\components\windowmediator.js
c:\program files\bflixtoolbar\install.ico
c:\program files\bflixtoolbar\manifest.xml
c:\program files\bflixtoolbar\partner.xml
c:\program files\bflixtoolbar\uninstall.exe
c:\program files\bflixtoolbar\vmntemplate.dll
c:\program files\bflixtoolbar\vmNTemplatex.dll
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\EventSystem.log
c:\windows\Installer\{0f603b6b-37cc-9036-8372-93e3c8c29873}
c:\windows\Installer\{0f603b6b-37cc-9036-8372-93e3c8c29873}\@
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar\dtx.ini
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar\guid.dat
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar\preferences.dat
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar\stats.dat
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar\uninstallIE.dat
c:\windows\system32\config\systemprofile\Application Data\bflixtoolbar\version.xml
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{0f603b6b-37cc-9036-8372-93e3c8c29873}
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{0f603b6b-37cc-9036-8372-93e3c8c29873}\@
c:\windows\system32\config\systemprofile\Local Settings\Application Data\{0f603b6b-37cc-9036-8372-93e3c8c29873}\n
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-25 01:33 . 2012-06-25 01:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 01:57 . 2012-06-21 01:57 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2012-06-21 01:56 . 2012-06-21 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-21 01:56 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 01:27 . 2012-06-21 01:27 -------- d-----w- c:\program files\7-zip
2012-06-14 21:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-10 22:54 . 2012-06-10 22:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-09 17:44 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-09 17:44 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-08 22:03 . 2012-06-09 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-06-08 18:48 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-08 17:42 . 2012-06-08 17:42 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\ApplicationHistory
2012-06-08 17:35 . 2012-06-08 17:36 -------- dc-h--w- c:\windows\ie8
2012-06-08 17:25 . 2012-06-08 17:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\vmntemplate
2012-06-08 17:20 . 2012-06-08 17:20 -------- d-----w- c:\documents and settings\Rob\Application Data\vmntemplate
2012-06-08 17:08 . 2012-06-08 17:08 -------- d-----w- C:\mfe
2012-06-08 16:33 . 2012-06-08 16:33 -------- d-----w- c:\documents and settings\Administrator.WIRELESS.000\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 01:49 . 2011-06-11 01:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 15:44 . 2008-04-14 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-06-09 18:25 . 2011-02-22 20:42 84192 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-09-11 03:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-09-11 03:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-09-11 03:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-09-11 03:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-09-11 03:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-09-11 03:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-09-11 03:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-09-11 03:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 02:13 . 2012-03-31 02:13 3993600 ----a-w- c:\program files\GUT9.tmp
2012-03-31 02:11 . 2012-03-31 02:11 3993600 ----a-w- c:\program files\GUT8.tmp
2012-03-31 02:09 . 2012-03-31 02:09 3993600 ----a-w- c:\program files\GUT7.tmp
2012-03-31 02:07 . 2012-03-31 02:07 3993600 ----a-w- c:\program files\GUT4.tmp
2012-03-31 02:06 . 2012-03-31 02:06 3993600 ----a-w- c:\program files\GUT6.tmp
2012-02-18 21:19 . 2011-06-13 21:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-01-14 15:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Jacob\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-6-12 333088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [5/23/2012 9:17 PM 22784]
S1 kusddzkg;kusddzkg;\??\c:\windows\system32\drivers\kusddzkg.sys --> c:\windows\system32\drivers\kusddzkg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2011 6:51 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/24/2012 9:33 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/10/2010 10:04 PM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2011 6:51 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 01:49]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 18:42]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0ee356c45f4c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 18:42]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 18:42]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1005Core.job
- c:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 18:42]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1005UA.job
- c:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 18:42]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1006Core.job
- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 15:38]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1006UA.job
- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 15:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\p7oolroo.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
AddRemove-bflixtoolbar - c:\program files\bflixtoolbar\uninstall.exe
AddRemove-McAfee Virtual Technician - c:\program files\McAfee\Supportability\MVT\MVTInstaller.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-26 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\program files\Internet Explorer\iexplore.exe [2232] 0x897E6B28
c:\program files\Internet Explorer\iexplore.exe [2324] 0x897DE240
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89A6B0AE
\Driver\atapi -> 0x89a6af76
IoDeviceObjectType -> ParseProcedure -> 0x89a6a20c
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x89a6a20c
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1a,a2,cc,a4,39,83,46,bc,63,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1a,a2,cc,a4,39,83,46,bc,63,ed,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-06-26 22:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 02:27
.
Pre-Run: 508,855,111,680 bytes free
Post-Run: 512,017,076,224 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D3F2965565046E62B63CF89383E213AA

#5 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 June 2012 - 10:41 PM

Greetings

I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop, right click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#6 doggypeg

  • Topic Starter
  • Members
  • 42 posts

Posted 27 June 2012 - 10:57 PM

Gringo -- Here are the logs from TDSSKiller and aswMBR. I did not click on fixmbr. After resetting the DMA, I did not immediately reboot.

23:37:01.0125 3700 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
23:37:01.0437 3700 ============================================================
23:37:01.0437 3700 Current date / time: 2012/06/27 23:37:01.0437
23:37:01.0437 3700 SystemInfo:
23:37:01.0437 3700
23:37:01.0437 3700 OS Version: 5.1.2600 ServicePack: 3.0
23:37:01.0437 3700 Product type: Workstation
23:37:01.0437 3700 ComputerName: WIRELESS
23:37:01.0437 3700 UserName: Rob
23:37:01.0437 3700 Windows directory: C:\WINDOWS
23:37:01.0437 3700 System windows directory: C:\WINDOWS
23:37:01.0437 3700 Processor architecture: Intel x86
23:37:01.0437 3700 Number of processors: 2
23:37:01.0437 3700 Page size: 0x1000
23:37:01.0437 3700 Boot type: Normal boot
23:37:01.0437 3700 ============================================================
23:37:02.0593 3700 Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:37:02.0593 3700 ============================================================
23:37:02.0593 3700 \Device\Harddisk0\DR0:
23:37:02.0593 3700 MBR partitions:
23:37:02.0593 3700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
23:37:02.0593 3700 ============================================================
23:37:02.0609 3700 C: <-> \Device\Harddisk0\DR0\Partition0
23:37:02.0609 3700 ============================================================
23:37:02.0609 3700 Initialize success
23:37:02.0609 3700 ============================================================
23:37:06.0953 1568 ============================================================
23:37:06.0953 1568 Scan started
23:37:06.0953 1568 Mode: Manual;
23:37:06.0953 1568 ============================================================
23:37:08.0234 1568 Abiosdsk - ok
23:37:08.0234 1568 abp480n5 - ok
23:37:08.0265 1568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:37:08.0265 1568 ACPI - ok
23:37:08.0312 1568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:37:08.0312 1568 ACPIEC - ok
23:37:08.0359 1568 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:37:08.0359 1568 AdobeFlashPlayerUpdateSvc - ok
23:37:08.0359 1568 adpu160m - ok
23:37:08.0406 1568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:37:08.0406 1568 aec - ok
23:37:08.0437 1568 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:37:08.0437 1568 AFD - ok
23:37:08.0453 1568 Aha154x - ok
23:37:08.0453 1568 aic78u2 - ok
23:37:08.0453 1568 aic78xx - ok
23:37:08.0484 1568 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
23:37:08.0515 1568 Alerter - ok
23:37:08.0531 1568 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
23:37:08.0531 1568 ALG - ok
23:37:08.0531 1568 AliIde - ok
23:37:08.0625 1568 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
23:37:08.0656 1568 Ambfilt - ok
23:37:08.0687 1568 amsint - ok
23:37:08.0687 1568 AppMgmt - ok
23:37:08.0687 1568 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:37:08.0703 1568 Arp1394 - ok
23:37:08.0703 1568 asc - ok
23:37:08.0703 1568 asc3350p - ok
23:37:08.0703 1568 asc3550 - ok
23:37:08.0734 1568 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:37:08.0734 1568 aspnet_state - ok
23:37:08.0734 1568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:37:08.0734 1568 AsyncMac - ok
23:37:08.0750 1568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:37:08.0750 1568 atapi - ok
23:37:08.0750 1568 Atdisk - ok
23:37:08.0750 1568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:37:08.0750 1568 Atmarpc - ok
23:37:08.0781 1568 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
23:37:08.0781 1568 AudioSrv - ok
23:37:08.0812 1568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:37:08.0812 1568 audstub - ok
23:37:08.0859 1568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:37:08.0859 1568 Beep - ok
23:37:08.0906 1568 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
23:37:08.0968 1568 BITS - ok
23:37:08.0984 1568 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
23:37:08.0984 1568 Browser - ok
23:37:08.0984 1568 BVRPMPR5 - ok
23:37:08.0984 1568 catchme - ok
23:37:09.0015 1568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:37:09.0015 1568 cbidf2k - ok
23:37:09.0015 1568 cd20xrnt - ok
23:37:09.0046 1568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:37:09.0046 1568 Cdaudio - ok
23:37:09.0062 1568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:37:09.0062 1568 Cdfs - ok
23:37:09.0093 1568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:37:09.0093 1568 Cdrom - ok
23:37:09.0093 1568 Changer - ok
23:37:09.0125 1568 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
23:37:09.0125 1568 CiSvc - ok
23:37:09.0125 1568 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
23:37:09.0125 1568 ClipSrv - ok
23:37:09.0171 1568 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:37:09.0187 1568 clr_optimization_v2.0.50727_32 - ok
23:37:09.0203 1568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:37:09.0250 1568 clr_optimization_v4.0.30319_32 - ok
23:37:09.0250 1568 CmdIde - ok
23:37:09.0250 1568 COMSysApp - ok
23:37:09.0250 1568 Cpqarray - ok
23:37:09.0265 1568 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
23:37:09.0265 1568 CryptSvc - ok
23:37:09.0265 1568 dac2w2k - ok
23:37:09.0265 1568 dac960nt - ok
23:37:09.0312 1568 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
23:37:09.0312 1568 DAdderFltr - ok
23:37:09.0359 1568 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
23:37:09.0375 1568 DcomLaunch - ok
23:37:09.0406 1568 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
23:37:09.0406 1568 Dhcp - ok
23:37:09.0421 1568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:37:09.0421 1568 Disk - ok
23:37:09.0421 1568 dmadmin - ok
23:37:09.0484 1568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
23:37:09.0484 1568 dmboot - ok
23:37:09.0500 1568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
23:37:09.0500 1568 dmio - ok
23:37:09.0515 1568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:37:09.0515 1568 dmload - ok
23:37:09.0515 1568 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
23:37:09.0515 1568 dmserver - ok
23:37:09.0546 1568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:37:09.0546 1568 DMusic - ok
23:37:09.0562 1568 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
23:37:09.0562 1568 Dnscache - ok
23:37:09.0593 1568 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
23:37:09.0593 1568 Dot3svc - ok
23:37:09.0593 1568 dpti2o - ok
23:37:09.0593 1568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:37:09.0593 1568 drmkaud - ok
23:37:09.0609 1568 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
23:37:09.0609 1568 EapHost - ok
23:37:09.0625 1568 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
23:37:09.0625 1568 ERSvc - ok
23:37:09.0656 1568 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:37:09.0656 1568 Eventlog - ok
23:37:09.0718 1568 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\Es.dll
23:37:09.0718 1568 EventSystem - ok
23:37:09.0734 1568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:37:09.0734 1568 Fastfat - ok
23:37:09.0765 1568 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:37:09.0765 1568 FastUserSwitchingCompatibility - ok
23:37:09.0765 1568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:37:09.0765 1568 Fdc - ok
23:37:09.0796 1568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:37:09.0796 1568 Fips - ok
23:37:09.0828 1568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:37:09.0843 1568 Flpydisk - ok
23:37:09.0875 1568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:37:09.0875 1568 FltMgr - ok
23:37:09.0953 1568 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:37:09.0953 1568 FontCache3.0.0.0 - ok
23:37:09.0953 1568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:37:09.0953 1568 Fs_Rec - ok
23:37:09.0968 1568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:37:09.0968 1568 Ftdisk - ok
23:37:09.0984 1568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:37:09.0984 1568 Gpc - ok
23:37:10.0078 1568 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:37:10.0078 1568 gupdate - ok
23:37:10.0078 1568 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:37:10.0078 1568 gupdatem - ok
23:37:10.0093 1568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:37:10.0093 1568 HDAudBus - ok
23:37:10.0125 1568 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:37:10.0125 1568 helpsvc - ok
23:37:10.0140 1568 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
23:37:10.0140 1568 HidServ - ok
23:37:10.0171 1568 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:37:10.0171 1568 hidusb - ok
23:37:10.0187 1568 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
23:37:10.0187 1568 hkmsvc - ok
23:37:10.0203 1568 hpn - ok
23:37:10.0234 1568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:37:10.0234 1568 HTTP - ok
23:37:10.0265 1568 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
23:37:10.0265 1568 HTTPFilter - ok
23:37:10.0265 1568 i2omgmt - ok
23:37:10.0265 1568 i2omp - ok
23:37:10.0281 1568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
23:37:10.0281 1568 i8042prt - ok
23:37:10.0312 1568 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:37:10.0312 1568 IDriverT - ok
23:37:10.0390 1568 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:37:10.0406 1568 idsvc - ok
23:37:10.0453 1568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:37:10.0453 1568 Imapi - ok
23:37:10.0484 1568 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
23:37:10.0484 1568 ImapiService - ok
23:37:10.0484 1568 ini910u - ok
23:37:10.0765 1568 IntcAzAudAddService (a109fe3ca1ee4e92292b349de1b32f7b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:37:10.0796 1568 IntcAzAudAddService - ok
23:37:10.0906 1568 IntelIde - ok
23:37:10.0937 1568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:37:10.0937 1568 intelppm - ok
23:37:10.0953 1568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:37:10.0953 1568 Ip6Fw - ok
23:37:10.0968 1568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:37:10.0968 1568 IpFilterDriver - ok
23:37:10.0984 1568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:37:10.0984 1568 IpInIp - ok
23:37:10.0984 1568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:37:10.0984 1568 IpNat - ok
23:37:11.0015 1568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:37:11.0015 1568 IPSec - ok
23:37:11.0031 1568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:37:11.0031 1568 IRENUM - ok
23:37:11.0062 1568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:37:11.0062 1568 isapnp - ok
23:37:11.0171 1568 JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Program Files\Java\jre6\bin\jqs.exe
23:37:11.0171 1568 JavaQuickStarterService - ok
23:37:11.0203 1568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:37:11.0203 1568 Kbdclass - ok
23:37:11.0250 1568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:37:11.0250 1568 kbdhid - ok
23:37:11.0250 1568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:37:11.0265 1568 kmixer - ok
23:37:11.0281 1568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:37:11.0281 1568 KSecDD - ok
23:37:11.0281 1568 kusddzkg - ok
23:37:11.0312 1568 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
23:37:11.0312 1568 LanmanServer - ok
23:37:11.0343 1568 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
23:37:11.0359 1568 lanmanworkstation - ok
23:37:11.0359 1568 lbrtfdc - ok
23:37:11.0390 1568 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
23:37:11.0390 1568 LmHosts - ok
23:37:11.0406 1568 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
23:37:11.0406 1568 Messenger - ok
23:37:11.0421 1568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:37:11.0421 1568 mnmdd - ok
23:37:11.0421 1568 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
23:37:11.0437 1568 mnmsrvc - ok
23:37:11.0453 1568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:37:11.0453 1568 Modem - ok
23:37:11.0515 1568 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
23:37:11.0562 1568 Monfilt - ok
23:37:11.0562 1568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:37:11.0562 1568 Mouclass - ok
23:37:11.0609 1568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:37:11.0609 1568 mouhid - ok
23:37:11.0609 1568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:37:11.0609 1568 MountMgr - ok
23:37:11.0609 1568 mraid35x - ok
23:37:11.0625 1568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:37:11.0625 1568 MRxDAV - ok
23:37:11.0671 1568 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:37:11.0671 1568 MRxSmb - ok
23:37:11.0703 1568 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
23:37:11.0703 1568 MSDTC - ok
23:37:11.0703 1568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:37:11.0703 1568 Msfs - ok
23:37:11.0703 1568 MSIServer - ok
23:37:11.0703 1568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:37:11.0703 1568 MSKSSRV - ok
23:37:11.0703 1568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:37:11.0703 1568 MSPCLOCK - ok
23:37:11.0703 1568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:37:11.0703 1568 MSPQM - ok
23:37:11.0734 1568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:37:11.0734 1568 mssmbios - ok
23:37:11.0750 1568 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:37:11.0750 1568 Mup - ok
23:37:11.0796 1568 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
23:37:11.0812 1568 napagent - ok
23:37:11.0828 1568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:37:11.0828 1568 NDIS - ok
23:37:11.0875 1568 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:37:11.0875 1568 NdisTapi - ok
23:37:11.0890 1568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:37:11.0890 1568 Ndisuio - ok
23:37:11.0906 1568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:37:11.0906 1568 NdisWan - ok
23:37:11.0906 1568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:37:11.0906 1568 NDProxy - ok
23:37:11.0906 1568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:37:11.0906 1568 NetBIOS - ok
23:37:11.0937 1568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:37:11.0937 1568 NetBT - ok
23:37:11.0968 1568 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:37:11.0968 1568 NetDDE - ok
23:37:11.0968 1568 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
23:37:11.0968 1568 NetDDEdsdm - ok
23:37:12.0000 1568 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:37:12.0000 1568 Netlogon - ok
23:37:12.0031 1568 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
23:37:12.0046 1568 Netman - ok
23:37:12.0140 1568 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:37:12.0156 1568 NetTcpPortSharing - ok
23:37:12.0171 1568 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:37:12.0171 1568 NIC1394 - ok
23:37:12.0203 1568 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
23:37:12.0218 1568 Nla - ok
23:37:12.0218 1568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:37:12.0218 1568 Npfs - ok
23:37:12.0234 1568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:37:12.0250 1568 Ntfs - ok
23:37:12.0250 1568 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:37:12.0250 1568 NtLmSsp - ok
23:37:12.0281 1568 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
23:37:12.0312 1568 NtmsSvc - ok
23:37:12.0343 1568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:37:12.0343 1568 Null - ok
23:37:12.0781 1568 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:37:12.0937 1568 nv - ok
23:37:13.0046 1568 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
23:37:13.0046 1568 nvsvc - ok
23:37:13.0078 1568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:37:13.0078 1568 NwlnkFlt - ok
23:37:13.0093 1568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:37:13.0093 1568 NwlnkFwd - ok
23:37:13.0218 1568 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:37:13.0234 1568 ohci1394 - ok
23:37:13.0406 1568 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:37:13.0406 1568 ose - ok
23:37:13.0421 1568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:37:13.0437 1568 Parport - ok
23:37:13.0453 1568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:37:13.0453 1568 PartMgr - ok
23:37:13.0484 1568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:37:13.0484 1568 ParVdm - ok
23:37:13.0531 1568 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:37:13.0531 1568 PCI - ok
23:37:13.0531 1568 PCIDump - ok
23:37:13.0546 1568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:37:13.0546 1568 PCIIde - ok
23:37:13.0562 1568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:37:13.0562 1568 Pcmcia - ok
23:37:13.0578 1568 PDCOMP - ok
23:37:13.0578 1568 PDFRAME - ok
23:37:13.0578 1568 PDRELI - ok
23:37:13.0578 1568 PDRFRAME - ok
23:37:13.0578 1568 perc2 - ok
23:37:13.0578 1568 perc2hib - ok
23:37:13.0609 1568 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
23:37:13.0609 1568 PlugPlay - ok
23:37:13.0609 1568 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:37:13.0609 1568 PolicyAgent - ok
23:37:13.0625 1568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:37:13.0625 1568 PptpMiniport - ok
23:37:13.0625 1568 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:37:13.0625 1568 ProtectedStorage - ok
23:37:13.0625 1568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:37:13.0625 1568 PSched - ok
23:37:13.0640 1568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:37:13.0640 1568 Ptilink - ok
23:37:13.0671 1568 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:37:13.0671 1568 PxHelp20 - ok
23:37:13.0687 1568 ql1080 - ok
23:37:13.0687 1568 Ql10wnt - ok
23:37:13.0687 1568 ql12160 - ok
23:37:13.0687 1568 ql1240 - ok
23:37:13.0687 1568 ql1280 - ok
23:37:13.0703 1568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:37:13.0703 1568 RasAcd - ok
23:37:13.0718 1568 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
23:37:13.0718 1568 RasAuto - ok
23:37:13.0718 1568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:37:13.0718 1568 Rasl2tp - ok
23:37:13.0750 1568 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
23:37:13.0750 1568 RasMan - ok
23:37:13.0765 1568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:37:13.0765 1568 RasPppoe - ok
23:37:13.0765 1568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:37:13.0765 1568 Raspti - ok
23:37:13.0781 1568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:37:13.0796 1568 Rdbss - ok
23:37:13.0796 1568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:37:13.0796 1568 RDPCDD - ok
23:37:13.0828 1568 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
23:37:13.0828 1568 RDPWD - ok
23:37:13.0859 1568 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
23:37:13.0875 1568 RDSessMgr - ok
23:37:13.0875 1568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:37:13.0875 1568 redbook - ok
23:37:13.0906 1568 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
23:37:13.0906 1568 RemoteAccess - ok
23:37:13.0937 1568 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Program Files\CyberLink\Shared files\RichVideo.exe
23:37:13.0953 1568 RichVideo - ok
23:37:13.0968 1568 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
23:37:13.0968 1568 RpcLocator - ok
23:37:14.0000 1568 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
23:37:14.0000 1568 RpcSs - ok
23:37:14.0031 1568 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
23:37:14.0046 1568 RSVP - ok
23:37:14.0062 1568 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:37:14.0062 1568 RTLE8023xp - ok
23:37:14.0078 1568 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
23:37:14.0078 1568 SamSs - ok
23:37:14.0109 1568 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
23:37:14.0109 1568 SCardSvr - ok
23:37:14.0140 1568 SCDEmu (9a8925f0e6919272a768d7c42232aa3a) C:\WINDOWS\system32\drivers\SCDEmu.sys
23:37:14.0140 1568 SCDEmu - ok
23:37:14.0187 1568 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:37:14.0187 1568 Schedule - ok
23:37:14.0203 1568 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:37:14.0203 1568 Secdrv - ok
23:37:14.0234 1568 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:37:14.0234 1568 seclogon - ok
23:37:14.0250 1568 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:37:14.0250 1568 SENS - ok
23:37:14.0265 1568 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:37:14.0265 1568 serenum - ok
23:37:14.0265 1568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:37:14.0281 1568 Serial - ok
23:37:14.0296 1568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:37:14.0296 1568 Sfloppy - ok
23:37:14.0343 1568 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:37:14.0343 1568 SharedAccess - ok
23:37:14.0390 1568 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:37:14.0390 1568 ShellHWDetection - ok
23:37:14.0390 1568 Simbad - ok
23:37:14.0390 1568 Sparrow - ok
23:37:14.0421 1568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:37:14.0421 1568 splitter - ok
23:37:14.0437 1568 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:37:14.0437 1568 Spooler - ok
23:37:14.0468 1568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:37:14.0468 1568 sr - ok
23:37:14.0484 1568 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:37:14.0484 1568 srservice - ok
23:37:14.0515 1568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:37:14.0515 1568 Srv - ok
23:37:14.0562 1568 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:37:14.0562 1568 SSDPSRV - ok
23:37:14.0593 1568 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:37:14.0625 1568 stisvc - ok
23:37:14.0640 1568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:37:14.0640 1568 swenum - ok
23:37:14.0671 1568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:37:14.0671 1568 swmidi - ok
23:37:14.0671 1568 SwPrv - ok
23:37:14.0687 1568 symc810 - ok
23:37:14.0687 1568 symc8xx - ok
23:37:14.0687 1568 sym_hi - ok
23:37:14.0687 1568 sym_u3 - ok
23:37:14.0718 1568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:37:14.0718 1568 sysaudio - ok
23:37:14.0734 1568 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:37:14.0734 1568 SysmonLog - ok
23:37:14.0765 1568 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:37:14.0765 1568 TapiSrv - ok
23:37:14.0812 1568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:37:14.0828 1568 Tcpip - ok
23:37:14.0859 1568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:37:14.0859 1568 TDPIPE - ok
23:37:14.0875 1568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:37:14.0875 1568 TDTCP - ok
23:37:14.0875 1568 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:37:14.0875 1568 TermDD - ok
23:37:14.0906 1568 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:37:14.0906 1568 TermService - ok
23:37:14.0953 1568 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:37:14.0953 1568 Themes - ok
23:37:14.0953 1568 TosIde - ok
23:37:14.0968 1568 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:37:14.0968 1568 TrkWks - ok
23:37:14.0984 1568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:37:14.0984 1568 Udfs - ok
23:37:14.0984 1568 ultra - ok
23:37:15.0031 1568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:37:15.0031 1568 Update - ok
23:37:15.0062 1568 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:37:15.0062 1568 upnphost - ok
23:37:15.0078 1568 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:37:15.0078 1568 UPS - ok
23:37:15.0093 1568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:37:15.0093 1568 usbccgp - ok
23:37:15.0125 1568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:37:15.0125 1568 usbehci - ok
23:37:15.0125 1568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:37:15.0140 1568 usbhub - ok
23:37:15.0156 1568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:37:15.0156 1568 usbprint - ok
23:37:15.0187 1568 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:37:15.0187 1568 usbstor - ok
23:37:15.0218 1568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:37:15.0218 1568 usbuhci - ok
23:37:15.0250 1568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:37:15.0250 1568 VgaSave - ok
23:37:15.0250 1568 ViaIde - ok
23:37:15.0296 1568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:37:15.0296 1568 VolSnap - ok
23:37:15.0328 1568 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:37:15.0343 1568 VSS - ok
23:37:15.0375 1568 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:37:15.0390 1568 W32Time - ok
23:37:15.0421 1568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:37:15.0421 1568 Wanarp - ok
23:37:15.0421 1568 WDICA - ok
23:37:15.0453 1568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:37:15.0453 1568 wdmaud - ok
23:37:15.0500 1568 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:37:15.0500 1568 WebClient - ok
23:37:15.0578 1568 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:37:15.0578 1568 winmgmt - ok
23:37:15.0609 1568 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:37:15.0609 1568 WmdmPmSN - ok
23:37:15.0625 1568 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:37:15.0640 1568 WmiApSrv - ok
23:37:15.0765 1568 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:37:15.0781 1568 WMPNetworkSvc - ok
23:37:15.0890 1568 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:37:15.0890 1568 WPFFontCache_v0400 - ok
23:37:16.0046 1568 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:37:16.0046 1568 WS2IFSL - ok
23:37:16.0062 1568 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:37:16.0062 1568 wscsvc - ok
23:37:16.0093 1568 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:37:16.0109 1568 wuauserv - ok
23:37:16.0140 1568 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:37:16.0140 1568 WudfPf - ok
23:37:16.0156 1568 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:37:16.0156 1568 WudfRd - ok
23:37:16.0171 1568 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:37:16.0187 1568 WudfSvc - ok
23:37:16.0218 1568 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:37:16.0218 1568 WZCSVC - ok
23:37:16.0250 1568 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:37:16.0343 1568 xmlprov - ok
23:37:16.0359 1568 MBR (0x1B8) (3dfbd33517922022aab2367021b4bbec) \Device\Harddisk0\DR0
23:37:16.0375 1568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
23:37:16.0375 1568 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
23:37:16.0375 1568 Boot (0x1200) (4233447b4ec59a6b6897ffb6817ea7d2) \Device\Harddisk0\DR0\Partition0
23:37:16.0375 1568 \Device\Harddisk0\DR0\Partition0 - ok
23:37:16.0375 1568 ============================================================
23:37:16.0375 1568 Scan finished
23:37:16.0375 1568 ============================================================
23:37:16.0375 0108 Detected object count: 1
23:37:16.0375 0108 Actual detected object count: 1
23:38:10.0656 0108 \Device\Harddisk0\DR0\# - copied to quarantine
23:38:10.0656 0108 \Device\Harddisk0\DR0 - copied to quarantine
23:38:10.0656 0108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
23:38:10.0656 0108 \Device\Harddisk0\DR0 - ok
23:38:10.0656 0108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
23:38:16.0640 0480 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 23:42:48
-----------------------------
23:42:48.296 OS Version: Windows 5.1.2600 Service Pack 3
23:42:48.296 Number of processors: 2 586 0x170A
23:42:48.296 ComputerName: WIRELESS UserName: Rob
23:42:49.421 Initialize success
23:46:16.125 AVAST engine defs: 12062701
23:46:34.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-1f
23:46:34.515 Disk 0 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610479MB BusType: 3
23:46:34.531 Disk 0 MBR read successfully
23:46:34.531 Disk 0 MBR scan
23:46:34.578 Disk 0 Windows XP default MBR code
23:46:34.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63
23:46:34.578 Disk 0 scanning sectors +1250242560
23:46:34.640 Disk 0 scanning C:\WINDOWS\system32\drivers
23:46:38.625 Service scanning
23:46:46.937 Modules scanning
23:46:49.859 Disk 0 trace - called modules:
23:46:49.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:46:49.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a98aab8]
23:46:49.875 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a9f1160]
23:46:49.875 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-1f[0x8a923d98]
23:46:51.062 AVAST engine scan C:\WINDOWS
23:47:02.000 AVAST engine scan C:\WINDOWS\system32
23:48:53.093 AVAST engine scan C:\WINDOWS\system32\drivers
23:49:07.000 AVAST engine scan C:\Documents and Settings\Rob
23:50:29.890 AVAST engine scan C:\Documents and Settings\All Users
23:50:53.781 Scan finished successfully
23:51:41.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rob\Desktop\MBR.dat"
23:51:41.125 The log file has been saved successfully to "C:\Documents and Settings\Rob\Desktop\aswMBRjune.txt"


Rob





#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:01 AM

Posted 27 June 2012 - 11:00 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 doggypeg

doggypeg
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 28 June 2012 - 11:03 PM

Gringo--I started to run Combofix but got a warning message that Microsoft Security Essentials real time scanner was still active. I thought I had uninstalled mse. I did a search for files with mse modified in the last month and found mseinstall (which I deleted) and Steam Service (whatever that is) and a comsetup text file. I did not complete the scan because the warning message scared me off. Is there any way to know if MSE is still active?

#9 doggypeg

doggypeg
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 29 June 2012 - 11:23 AM

Gringo--We are going away for the weekend. Would you mind holding open this thread until Monday?
Thanks.
Rob

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:01 AM

Posted 29 June 2012 - 10:43 PM

It is not active. Go ahead and run ComboFix when you get back.


gringo

#11 doggypeg

doggypeg
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 02 July 2012 - 10:34 PM

Hi Gringo--I didn't have any problem with ComboFix other than it detecting MSE. I'm pasting in the log. I haven't been using the computer except for running the scans and posting to Bleeping, but it seems OK. We have a subscription to McAfee. Is there any reason not to reinstall it? Was there any clue as to how we got the rootkit? Do I have to reset the DMA? What are the chances of getting the BSOD when I install the anti-virus?

ComboFix 12-07-02.01 - Rob 07/02/2012 23:10:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.2150 [GMT -4:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-06-28 03:38 . 2012-06-28 03:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-27 02:35 . 2012-06-27 02:35 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\GameSpy
2012-06-25 01:33 . 2012-06-25 01:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-21 01:57 . 2012-06-21 01:57 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2012-06-21 01:56 . 2012-06-21 01:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-21 01:56 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 01:27 . 2012-06-21 01:27 -------- d-----w- c:\program files\7-zip
2012-06-14 21:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-10 22:54 . 2012-06-10 22:54 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-09 17:44 . 2012-06-02 19:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-09 17:44 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-08 22:03 . 2012-06-09 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2012-06-08 18:48 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-08 17:42 . 2012-06-27 02:36 -------- d-----w- c:\documents and settings\Rob\Local Settings\Application Data\ApplicationHistory
2012-06-08 17:35 . 2012-06-08 17:36 -------- dc-h--w- c:\windows\ie8
2012-06-08 17:25 . 2012-06-08 17:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\vmntemplate
2012-06-08 17:20 . 2012-06-08 17:20 -------- d-----w- c:\documents and settings\Rob\Application Data\vmntemplate
2012-06-08 17:08 . 2012-06-08 17:08 -------- d-----w- C:\mfe
2012-06-08 16:33 . 2012-06-08 16:33 -------- d-----w- c:\documents and settings\Administrator.WIRELESS.000\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 01:49 . 2011-06-11 01:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 15:44 . 2008-04-14 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-06-09 18:25 . 2011-02-22 20:42 84192 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-09-11 03:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-09-11 03:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-09-11 03:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-09-11 03:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-09-11 03:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-09-11 03:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-09-11 03:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-09-11 03:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 02:13 . 2012-03-31 02:13 3993600 ----a-w- c:\program files\GUT9.tmp
2012-03-31 02:11 . 2012-03-31 02:11 3993600 ----a-w- c:\program files\GUT8.tmp
2012-03-31 02:09 . 2012-03-31 02:09 3993600 ----a-w- c:\program files\GUT7.tmp
2012-03-31 02:07 . 2012-03-31 02:07 3993600 ----a-w- c:\program files\GUT4.tmp
2012-03-31 02:06 . 2012-03-31 02:06 3993600 ----a-w- c:\program files\GUT6.tmp
2012-02-18 21:19 . 2011-06-13 21:36 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-01-14 15:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_02.24.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-03 02:59 . 2012-07-03 02:59 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
+ 2012-06-27 02:22 . 2012-06-27 02:31 54272 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F8A5AD17-BFFE-11E1-B737-001FD0811150}.dat
+ 2012-06-28 03:16 . 2012-06-28 03:25 67072 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AB585367-C0CF-11E1-B738-001FD0811150}.dat
+ 2012-06-28 03:26 . 2012-06-28 03:36 94720 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0BAA12FF-C0D1-11E1-B738-001FD0811150}.dat
- 2012-03-23 21:30 . 2012-06-27 02:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-23 21:30 . 2012-06-28 03:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-06-27 02:22 . 2012-06-27 02:32 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F8A5AD16-BFFE-11E1-B737-001FD0811150}.dat
+ 2012-06-28 03:16 . 2012-06-28 03:37 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{AB585366-C0CF-11E1-B738-001FD0811150}.dat
+ 2012-06-28 03:37 . 2012-06-28 03:38 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9298A82F-C0D2-11E1-B738-001FD0811150}.dat
+ 2012-06-27 02:32 . 2012-06-27 02:32 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{586F86A5-C000-11E1-B737-001FD0811150}.dat
+ 2010-09-11 03:06 . 2012-06-28 03:37 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-09-11 03:06 . 2012-06-27 02:22 180224 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-04-14 18:07 . 2012-06-27 02:19 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-04-14 18:07 . 2012-06-28 03:37 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-09-11 03:06 . 2012-06-27 02:22 131072 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-09-11 03:06 . 2012-06-28 03:37 131072 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-03-23 21:22 . 2012-06-28 03:37 1327104 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Jacob\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-6-12 333088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [5/23/2012 9:17 PM 22784]
S1 kusddzkg;kusddzkg;\??\c:\windows\system32\drivers\kusddzkg.sys --> c:\windows\system32\drivers\kusddzkg.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2011 6:51 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/24/2012 9:33 PM 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/10/2010 10:04 PM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/30/2011 6:51 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 01:49]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 18:42]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0ee356c45f4c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 18:42]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-30 18:42]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1005Core.job
- c:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 18:42]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1005UA.job
- c:\documents and settings\Jacob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-06 18:42]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1006Core.job
- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 15:38]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1004336348-1801674531-1006UA.job
- c:\documents and settings\Nathan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-10 15:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\p7oolroo.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 23:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1a,a2,cc,a4,39,83,46,bc,63,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,12,1a,a2,cc,a4,39,83,46,bc,63,ed,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-02 23:16:38
ComboFix-quarantined-files.txt 2012-07-03 03:16
ComboFix2.txt 2012-06-27 02:27
.
Pre-Run: 511,772,676,096 bytes free
Post-Run: 511,845,261,312 bytes free
.
- - End Of File - - 5146B75E90780BC366B8790DF453357F


Thanks.
Rob

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:01 AM

Posted 02 July 2012 - 10:38 PM

Greetings

Go ahead and reinstall McAfee now.



These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.4.6
Adobe Reader 9.5.1
BFlix Toolbar
Java™ 6 Update 25
StartNow Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes HijackThis has to be run as an administrator. Right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 July 2012 - 08:21 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 doggypeg

  • Topic Starter
  • Members
  • 42 posts

Posted 06 July 2012 - 02:53 PM

Gringo--Thanks for checking in. I was gone for another couple of days. I am almost done with the cleaning. I see that nir-cmd (a part of combofix?) is controversial. Do you have an opinion?
Rob

#15 doggypeg

  • Topic Starter
  • Members
  • 42 posts

Posted 06 July 2012 - 09:39 PM

Gringo--Here are the two reports:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:34 PM, on 7/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120706133002.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8350 bytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.06.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rob :: WIRELESS [administrator]

7/6/2012 4:01:05 PM
mbam-log-2012-07-06 (16-01-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308406
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Everything seems to be working fine. The desktop may be populating a little slower. Could this be due to all the tools and logs that I've accumulated in the process of fixing it? What should I keep and what should I delete? McAfee doesn't seem to like the NIRCMD tool. Should I let McAfee remove it? One other thing. In the booting up process, I'm now getting a brief alternate boot screen message.
Rob
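Gringo's HijackThis instructions above (run the scan, post the log, do not let the tool fix anything, do not trust Analyze This) and the log Rob posted in this reply are both about reading an HJT log by hand. As an added example, which is not code from this thread, from HijackThis or from BleepingComputer, here is a small Python script that does the first pass a helper does mentally: it groups the R/O entries by section and flags the ones that get looked at first, namely entries whose file is missing, O23 services reported as "Unknown owner", and O4 autoruns launched by a bare file name or from a user-writable folder. The embedded sample is a constructed excerpt copied from the log above so the parser sees the tool's real line format; the flag rules are reviewer heuristics of mine, not anything HijackThis itself computes, and a flagged line means "verify this", not "this is malware".

```python
"""Triage a HijackThis 2.0.4 log offline: group the 'Rxx/Oxx - ...' entries by
section and flag the ones a reviewer checks first. Added example, not part of
HijackThis; the flag rules below are reviewer heuristics, not HJT's own."""
import re
from collections import defaultdict

# Constructed excerpt: a handful of lines copied from the HJT log posted in this
# thread, kept in the tool's exact line format so the parser sees realistic input.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:34 PM, on 7/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Rob\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8350 bytes
"""

# Every HJT finding line starts with a section tag such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# Locations a logged-in user can write to; malware persistence usually lives there.
USER_WRITABLE_RE = re.compile(
    r"documents and settings|\\users\\|\\temp\\|application data|appdata|\\desktop\\", re.I)


def parse_entries(text):
    """Map each section tag to the list of entry bodies found under it."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("section")].append(m.group("body"))
    return dict(entries)


def run_command(body):
    """Extract the command from an O4 body of the form 'HKLM\\..\\Run: [Name] command'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    return cmd.strip().strip('"')


def triage(entries):
    """Return (section, reason, body) tuples for the entries worth a second look."""
    findings = []
    for section, bodies in sorted(entries.items()):
        for body in bodies:
            lower = body.lower()
            # Registry still references a file that no longer exists: leftover
            # from an uninstall, or from a removal that missed the registry half.
            if lower.endswith("(no file)") or lower.endswith("- no file"):
                findings.append((section, "orphaned entry, file missing", body))
            # A service binary with no publisher is where unsigned legitimate
            # software and malware look alike; it has to be verified by hand.
            if section == "O23" and "unknown owner" in lower:
                findings.append((section, "service with no publisher", body))
            if section == "O4":
                cmd = run_command(body)
                exe = cmd.split(" ", 1)[0]
                # A bare file name is resolved through the search path at logon,
                # so a same-named file placed earlier on the path would win.
                if "\\" not in exe:
                    findings.append((section, "autorun by bare file name", body))
                elif USER_WRITABLE_RE.search(cmd):
                    findings.append((section, "autorun from user-writable path", body))
    return findings


def report(text):
    """Parse and triage a whole log in one call."""
    return triage(parse_entries(text))


if __name__ == "__main__":
    for section, reason, body in report(SAMPLE_LOG):
        print(f"{section:<4} {reason:<32} {body}")
```

Run it as is to triage the embedded excerpt, or read a saved hijackthis.log into a string and pass it to report(). On the excerpt it returns four findings: the McAfee Phishing Filter BHO with (no file), the RichVideo service with no publisher, and the RTHDCPL and RUNDLL32 autoruns started by bare name; the ctfmon entry, which has a full system32 path, is not flagged. That short list is the starting point for a human review, which is the reason the helper asks for the raw log rather than letting the tool fix anything.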









