Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus logs


  • This topic is locked This topic is locked
19 replies to this topic

#1 Jukeboxx

Jukeboxx

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 24 July 2012 - 08:41 PM

Hi I was told to post here with my DDS logs. Did not post GMER because the computer is 64 bit. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic461789.html ~ OB
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Inuk at 21:34:38 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.4588 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://www.pb3476.org/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{6F1C4B52-6A11-484C-BECF-B34B98FA53CE} : DhcpNameServer = 128.122.253.79 128.122.253.103
TCP: Interfaces\{C19CEC72-7577-48BE-A8F4-0ABF3208B009} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C19CEC72-7577-48BE-A8F4-0ABF3208B009}\2456C6B696E6F5052756D2E4F5130333631363 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C19CEC72-7577-48BE-A8F4-0ABF3208B009}\E45647775656E4 : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO-X64: BFlix Toolbar - No File
BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: W2PBrowser Browser Helper - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: GOM Player + Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Inuk\AppData\Roaming\Mozilla\Firefox\Profiles\km5bo8cz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20111214
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111214&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Inuk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-20 2009704]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;\??\C:\windows\system32\Drivers\SSPORT.sys --> C:\windows\system32\Drivers\SSPORT.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-16 2655768]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/03/16 18:22:46;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-24 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-30 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-30 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 19:13:08 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-12 18:49:56 -------- d-----w- C:\ProgramData\SUPERSetup
2012-07-12 18:35:37 -------- d-----w- C:\Users\Inuk\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 18:35:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-12 18:35:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-12 15:09:44 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-12 02:36:52 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
.
==================== Find3M ====================
.
2012-07-11 20:05:14 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 20:05:14 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 21:35:22.32 ===============

Edited by Orange Blossom, 24 July 2012 - 10:19 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 27 July 2012 - 12:54 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Jukeboxx

Jukeboxx
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 27 July 2012 - 11:39 AM

Hello, the computer seems to be running fine, the redirects seemed to have stopped. However I made the dumb mistake of not saving the SecurityCheck file. Everything seems to be running okay. Here is the Combofix log.

ComboFix 12-07-27.03 - Inuk 07/27/2012 12:17:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4603 [GMT -4:00]
Running from: c:\users\Inuk\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\bflixtoolbar
c:\program files (x86)\bflixtoolbar\chrome\content\lib\about.xml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\external.js
c:\program files (x86)\bflixtoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\bflixtoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\bflixtoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\bflixtoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\bflixtoolbar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\bflixtoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\bflixtoolbar\chrome\content\preferences.xml
c:\program files (x86)\bflixtoolbar\chrome\content\template.xml
c:\program files (x86)\bflixtoolbar\chrome\content\toolbar.htm
c:\program files (x86)\bflixtoolbar\chrome\content\toolbar.xul
c:\program files (x86)\bflixtoolbar\chrome\content\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\bflixtoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files (x86)\bflixtoolbar\chrome\data\product.xml
c:\program files (x86)\bflixtoolbar\chrome\data\rss\rss.xml
c:\program files (x86)\bflixtoolbar\chrome\data\search\engines.xml
c:\program files (x86)\bflixtoolbar\chrome\data\search\search.xsl
c:\program files (x86)\bflixtoolbar\chrome\data\weather\icons.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\1x1_png
c:\program files (x86)\bflixtoolbar\chrome\skin\1x1_white_png
c:\program files (x86)\bflixtoolbar\chrome\skin\about.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\about_logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\arcade_png
c:\program files (x86)\bflixtoolbar\chrome\skin\babylon_logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\bflix_logo_png
c:\program files (x86)\bflixtoolbar\chrome\skin\blank_png
c:\program files (x86)\bflixtoolbar\chrome\skin\bluelite.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\bluesky.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-settings-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn_settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ca.png
c:\program files (x86)\bflixtoolbar\chrome\skin\dictionary.png
c:\program files (x86)\bflixtoolbar\chrome\skin\divider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\downloadcom.png
c:\program files (x86)\bflixtoolbar\chrome\skin\dtxlogo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\email.png
c:\program files (x86)\bflixtoolbar\chrome\skin\email_on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\facebook.png
c:\program files (x86)\bflixtoolbar\chrome\skin\facebook_png
c:\program files (x86)\bflixtoolbar\chrome\skin\games.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Games_png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred0_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred1_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred2_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred3_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred4.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred4_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphredna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\grey.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\ico-shield.png
c:\program files (x86)\bflixtoolbar\chrome\skin\images.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lfg_smll_png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\alexabutton.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\aol.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\blank.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\button-splitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\checkmark.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\chevron.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\comcast.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\dtx-test.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\dtx.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\edit-back.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\embarq.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\fast.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\gmail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\gripper.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\hotmail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\imap.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\launchers.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\lock.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\mailcom.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\minus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\newsitem.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lichen.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\mail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\modify-save.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music_png
c:\program files (x86)\bflixtoolbar\chrome\skin\Myspace_png
c:\program files (x86)\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\bflixtoolbar\chrome\skin\news.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\pixsy.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\bflixtoolbar\chrome\skin\protect-id.png
c:\program files (x86)\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rssback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\shopping.png
c:\program files (x86)\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\technorati.png
c:\program files (x86)\bflixtoolbar\chrome\skin\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\translate.png
c:\program files (x86)\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\tv_png
c:\program files (x86)\bflixtoolbar\chrome\skin\twitter_png
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.css
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Weather_png
c:\program files (x86)\bflixtoolbar\chrome\skin\web.png
c:\program files (x86)\bflixtoolbar\chrome\skin\websearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yellow.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\youtube.png
c:\program files (x86)\bflixtoolbar\chrome\skin\zoom.png
c:\program files (x86)\bflixtoolbar\components\windowmediator.js
c:\program files (x86)\bflixtoolbar\install.ico
c:\program files (x86)\bflixtoolbar\manifest.xml
c:\program files (x86)\bflixtoolbar\partner.xml
c:\program files (x86)\bflixtoolbar\uninstall.exe
c:\program files (x86)\bflixtoolbar\vmntemplate.dll
c:\program files (x86)\bflixtoolbar\vmNTemplatex.dll
c:\programdata\Roaming
c:\users\Inuk\AppData\Local\aqce.exe
c:\users\Inuk\AppData\Local\evvc.exe
c:\users\Inuk\AppData\Local\glbq.exe
c:\users\Inuk\AppData\Local\xbdq.exe
c:\users\Inuk\AppData\Roaming\Mozilla\Firefox\Profiles\km5bo8cz.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\L\00000004.@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\L\1afb2d56
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\L\201d3dde
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\U\00000004.@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\U\00000008.@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\U\000000cb.@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\U\80000000.@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\U\80000032.@
c:\windows\Installer\{eae2c803-4aaf-fd5d-4796-58d89b9ef80e}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy2_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 16:24 . 2012-07-27 16:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-27 16:24 . 2012-07-27 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 19:13 . 2012-07-18 19:13 -------- d-----w- c:\program files (x86)\ESET
2012-07-12 18:49 . 2012-07-12 18:49 -------- d-----w- c:\programdata\SUPERSetup
2012-07-12 18:35 . 2012-07-12 18:35 -------- d-----w- c:\users\Inuk\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 18:35 . 2012-07-12 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-12 18:35 . 2012-07-12 18:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 15:09 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 02:36 . 2012-07-12 02:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:39 . 2012-04-09 19:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 22:39 . 2011-05-29 20:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 15:06 . 2011-06-21 02:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-05-29 20:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 16:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 16:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 16:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 16:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 16:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 16:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-12 17:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 17:56 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-11 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/03/16 18:22;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-01-17 25960]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-07 11576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-12-29 207656]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-03 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-03 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-25 409192]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-11-30 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:39]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 03:37]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 03:37]
.
2012-07-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7512db34-bb47-4f40-82b9-cdeeed910658.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-07-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f139b109-6fd6-4041-bf79-f0844c84e605.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Inuk\AppData\Roaming\Mozilla\Firefox\Profiles\km5bo8cz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20111214
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111214&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-bflixtoolbar - c:\program files (x86)\bflixtoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files (x86)\Cyberlink\Shared files\brs.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
.
**************************************************************************
.
Completion time: 2012-07-27 12:32:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 16:32
.
Pre-Run: 145,740,148,736 bytes free
Post-Run: 146,636,578,816 bytes free
.
- - End Of File - - ADEB12675DA4BD66B547C8291764FEFF

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 27 July 2012 - 02:14 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Jukeboxx

Jukeboxx
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 27 July 2012 - 11:31 PM

00:29:33.0349 1480 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:29:33.0609 1480 ============================================================
00:29:33.0609 1480 Current date / time: 2012/07/28 00:29:33.0609
00:29:33.0609 1480 SystemInfo:
00:29:33.0609 1480
00:29:33.0609 1480 OS Version: 6.1.7601 ServicePack: 1.0
00:29:33.0609 1480 Product type: Workstation
00:29:33.0609 1480 ComputerName: MOPREME
00:29:33.0609 1480 UserName: Inuk
00:29:33.0609 1480 Windows directory: C:\windows
00:29:33.0609 1480 System windows directory: C:\windows
00:29:33.0609 1480 Running under WOW64
00:29:33.0609 1480 Processor architecture: Intel x64
00:29:33.0609 1480 Number of processors: 4
00:29:33.0609 1480 Page size: 0x1000
00:29:33.0609 1480 Boot type: Normal boot
00:29:33.0609 1480 ============================================================
00:29:33.0879 1480 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:29:33.0889 1480 ============================================================
00:29:33.0889 1480 \Device\Harddisk0\DR0:
00:29:33.0889 1480 MBR partitions:
00:29:33.0889 1480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:29:33.0889 1480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19200000
00:29:33.0909 1480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19233000, BlocksNum 0x2EB29000
00:29:33.0909 1480 ============================================================
00:29:33.0979 1480 C: <-> \Device\Harddisk0\DR0\Partition1
00:29:34.0019 1480 D: <-> \Device\Harddisk0\DR0\Partition2
00:29:34.0019 1480 ============================================================
00:29:34.0019 1480 Initialize success
00:29:34.0019 1480 ============================================================
00:29:35.0539 5384 ============================================================
00:29:35.0539 5384 Scan started
00:29:35.0539 5384 Mode: Manual;
00:29:35.0539 5384 ============================================================
00:29:35.0759 5384 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:29:35.0759 5384 !SASCORE - ok
00:29:35.0949 5384 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
00:29:35.0949 5384 1394ohci - ok
00:29:36.0029 5384 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
00:29:36.0039 5384 ACPI - ok
00:29:36.0079 5384 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
00:29:36.0079 5384 AcpiPmi - ok
00:29:36.0319 5384 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:29:36.0319 5384 AdobeFlashPlayerUpdateSvc - ok
00:29:36.0379 5384 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
00:29:36.0389 5384 adp94xx - ok
00:29:36.0419 5384 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
00:29:36.0429 5384 adpahci - ok
00:29:36.0519 5384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
00:29:36.0529 5384 adpu320 - ok
00:29:36.0569 5384 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
00:29:36.0569 5384 AeLookupSvc - ok
00:29:36.0639 5384 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
00:29:36.0649 5384 AFD - ok
00:29:36.0789 5384 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
00:29:36.0789 5384 agp440 - ok
00:29:36.0839 5384 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
00:29:36.0839 5384 ALG - ok
00:29:36.0879 5384 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
00:29:36.0879 5384 aliide - ok
00:29:36.0919 5384 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
00:29:36.0919 5384 amdide - ok
00:29:36.0969 5384 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
00:29:36.0969 5384 AmdK8 - ok
00:29:36.0989 5384 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
00:29:36.0999 5384 AmdPPM - ok
00:29:37.0069 5384 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
00:29:37.0069 5384 amdsata - ok
00:29:37.0099 5384 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
00:29:37.0099 5384 amdsbs - ok
00:29:37.0119 5384 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
00:29:37.0119 5384 amdxata - ok
00:29:37.0159 5384 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
00:29:37.0159 5384 AppID - ok
00:29:37.0229 5384 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
00:29:37.0229 5384 AppIDSvc - ok
00:29:37.0269 5384 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
00:29:37.0269 5384 Appinfo - ok
00:29:37.0319 5384 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
00:29:37.0329 5384 arc - ok
00:29:37.0379 5384 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
00:29:37.0379 5384 arcsas - ok
00:29:37.0409 5384 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
00:29:37.0409 5384 AsyncMac - ok
00:29:37.0459 5384 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
00:29:37.0469 5384 atapi - ok
00:29:37.0549 5384 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
00:29:37.0549 5384 AudioEndpointBuilder - ok
00:29:37.0559 5384 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
00:29:37.0569 5384 AudioSrv - ok
00:29:37.0609 5384 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
00:29:37.0609 5384 AxInstSV - ok
00:29:37.0689 5384 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
00:29:37.0689 5384 b06bdrv - ok
00:29:37.0719 5384 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
00:29:37.0729 5384 b57nd60a - ok
00:29:37.0879 5384 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:29:37.0879 5384 BBSvc - ok
00:29:37.0909 5384 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
00:29:37.0919 5384 BDESVC - ok
00:29:37.0939 5384 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
00:29:37.0939 5384 Beep - ok
00:29:38.0029 5384 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
00:29:38.0039 5384 BFE - ok
00:29:38.0099 5384 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
00:29:38.0099 5384 blbdrive - ok
00:29:38.0149 5384 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
00:29:38.0149 5384 bowser - ok
00:29:38.0179 5384 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
00:29:38.0179 5384 BrFiltLo - ok
00:29:38.0209 5384 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
00:29:38.0209 5384 BrFiltUp - ok
00:29:38.0279 5384 Bridge (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
00:29:38.0279 5384 Bridge - ok
00:29:38.0289 5384 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
00:29:38.0299 5384 BridgeMP - ok
00:29:38.0329 5384 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
00:29:38.0329 5384 Browser - ok
00:29:38.0369 5384 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\system32\DRIVERS\BrSerId.sys
00:29:38.0369 5384 Brserid - ok
00:29:38.0389 5384 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
00:29:38.0389 5384 BrSerWdm - ok
00:29:38.0459 5384 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
00:29:38.0459 5384 BrUsbMdm - ok
00:29:38.0479 5384 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\system32\DRIVERS\BrUsbSer.sys
00:29:38.0489 5384 BrUsbSer - ok
00:29:38.0529 5384 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
00:29:38.0529 5384 BTHMODEM - ok
00:29:38.0599 5384 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
00:29:38.0599 5384 bthserv - ok
00:29:38.0619 5384 catchme - ok
00:29:38.0649 5384 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
00:29:38.0649 5384 cdfs - ok
00:29:38.0699 5384 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
00:29:38.0709 5384 cdrom - ok
00:29:38.0779 5384 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
00:29:38.0779 5384 CertPropSvc - ok
00:29:38.0819 5384 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
00:29:38.0819 5384 circlass - ok
00:29:38.0869 5384 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
00:29:38.0869 5384 CLFS - ok
00:29:39.0019 5384 CLKMSVC10_38F51D56 (fe1c81a049e5c5d67c4ab7c31c899f6f) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
00:29:39.0029 5384 CLKMSVC10_38F51D56 - ok
00:29:39.0129 5384 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:29:39.0139 5384 clr_optimization_v2.0.50727_32 - ok
00:29:39.0189 5384 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:29:39.0189 5384 clr_optimization_v2.0.50727_64 - ok
00:29:39.0289 5384 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:29:39.0289 5384 clr_optimization_v4.0.30319_32 - ok
00:29:39.0319 5384 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:29:39.0319 5384 clr_optimization_v4.0.30319_64 - ok
00:29:39.0439 5384 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
00:29:39.0439 5384 clwvd - ok
00:29:39.0509 5384 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
00:29:39.0509 5384 CmBatt - ok
00:29:39.0539 5384 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
00:29:39.0539 5384 cmdide - ok
00:29:39.0599 5384 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
00:29:39.0609 5384 CNG - ok
00:29:39.0659 5384 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
00:29:39.0659 5384 Compbatt - ok
00:29:39.0699 5384 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
00:29:39.0699 5384 CompositeBus - ok
00:29:39.0709 5384 COMSysApp - ok
00:29:39.0759 5384 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
00:29:39.0759 5384 crcdisk - ok
00:29:39.0799 5384 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
00:29:39.0799 5384 CryptSvc - ok
00:29:39.0859 5384 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
00:29:39.0859 5384 ctxusbm - ok
00:29:39.0979 5384 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:29:39.0979 5384 cvhsvc - ok
00:29:40.0069 5384 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\windows\system32\DRIVERS\dc3d.sys
00:29:40.0069 5384 dc3d - ok
00:29:40.0129 5384 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
00:29:40.0129 5384 DcomLaunch - ok
00:29:40.0199 5384 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
00:29:40.0199 5384 defragsvc - ok
00:29:40.0239 5384 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
00:29:40.0249 5384 DfsC - ok
00:29:40.0319 5384 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
00:29:40.0329 5384 Dhcp - ok
00:29:40.0389 5384 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
00:29:40.0389 5384 discache - ok
00:29:40.0419 5384 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
00:29:40.0429 5384 Disk - ok
00:29:40.0479 5384 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
00:29:40.0489 5384 Dnscache - ok
00:29:40.0529 5384 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
00:29:40.0539 5384 dot3svc - ok
00:29:40.0579 5384 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
00:29:40.0579 5384 DPS - ok
00:29:40.0659 5384 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
00:29:40.0669 5384 drmkaud - ok
00:29:40.0729 5384 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
00:29:40.0739 5384 DXGKrnl - ok
00:29:40.0779 5384 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
00:29:40.0779 5384 EapHost - ok
00:29:40.0939 5384 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
00:29:41.0009 5384 ebdrv - ok
00:29:41.0159 5384 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
00:29:41.0159 5384 EFS - ok
00:29:41.0269 5384 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
00:29:41.0289 5384 ehRecvr - ok
00:29:41.0329 5384 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
00:29:41.0339 5384 ehSched - ok
00:29:41.0489 5384 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
00:29:41.0509 5384 elxstor - ok
00:29:41.0569 5384 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
00:29:41.0569 5384 ErrDev - ok
00:29:41.0649 5384 ETD (3bb2c05d9a515601e85dbf353369e672) C:\windows\system32\DRIVERS\ETD.sys
00:29:41.0649 5384 ETD - ok
00:29:41.0689 5384 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
00:29:41.0689 5384 EventSystem - ok
00:29:41.0859 5384 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:29:41.0879 5384 EvtEng - ok
00:29:42.0009 5384 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
00:29:42.0009 5384 exfat - ok
00:29:42.0039 5384 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
00:29:42.0039 5384 fastfat - ok
00:29:42.0099 5384 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
00:29:42.0109 5384 Fax - ok
00:29:42.0149 5384 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
00:29:42.0149 5384 fdc - ok
00:29:42.0189 5384 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
00:29:42.0189 5384 fdPHost - ok
00:29:42.0229 5384 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
00:29:42.0229 5384 FDResPub - ok
00:29:42.0259 5384 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
00:29:42.0269 5384 FileInfo - ok
00:29:42.0279 5384 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
00:29:42.0279 5384 Filetrace - ok
00:29:42.0309 5384 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
00:29:42.0309 5384 flpydisk - ok
00:29:42.0349 5384 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
00:29:42.0359 5384 FltMgr - ok
00:29:42.0449 5384 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
00:29:42.0459 5384 FontCache - ok
00:29:42.0599 5384 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:29:42.0599 5384 FontCache3.0.0.0 - ok
00:29:42.0689 5384 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
00:29:42.0699 5384 FsDepends - ok
00:29:42.0729 5384 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
00:29:42.0729 5384 Fs_Rec - ok
00:29:42.0809 5384 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
00:29:42.0809 5384 fvevol - ok
00:29:42.0839 5384 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
00:29:42.0849 5384 gagp30kx - ok
00:29:42.0959 5384 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
00:29:42.0959 5384 GameConsoleService - ok
00:29:43.0019 5384 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
00:29:43.0029 5384 gpsvc - ok
00:29:43.0209 5384 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:29:43.0209 5384 gupdate - ok
00:29:43.0239 5384 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:29:43.0239 5384 gupdatem - ok
00:29:43.0299 5384 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
00:29:43.0299 5384 hcw85cir - ok
00:29:43.0389 5384 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
00:29:43.0399 5384 HdAudAddService - ok
00:29:43.0429 5384 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
00:29:43.0429 5384 HDAudBus - ok
00:29:43.0479 5384 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
00:29:43.0479 5384 HidBatt - ok
00:29:43.0499 5384 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
00:29:43.0509 5384 HidBth - ok
00:29:43.0529 5384 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
00:29:43.0539 5384 HidIr - ok
00:29:43.0569 5384 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
00:29:43.0569 5384 hidserv - ok
00:29:43.0639 5384 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
00:29:43.0639 5384 HidUsb - ok
00:29:43.0679 5384 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
00:29:43.0679 5384 hkmsvc - ok
00:29:43.0739 5384 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
00:29:43.0739 5384 HomeGroupListener - ok
00:29:43.0769 5384 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
00:29:43.0769 5384 HomeGroupProvider - ok
00:29:43.0809 5384 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
00:29:43.0809 5384 HpSAMD - ok
00:29:43.0859 5384 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
00:29:43.0869 5384 HTTP - ok
00:29:43.0929 5384 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
00:29:43.0929 5384 hwpolicy - ok
00:29:43.0989 5384 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
00:29:43.0989 5384 i8042prt - ok
00:29:44.0079 5384 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\windows\system32\DRIVERS\iaStor.sys
00:29:44.0089 5384 iaStor - ok
00:29:44.0169 5384 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
00:29:44.0179 5384 iaStorV - ok
00:29:44.0299 5384 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:29:44.0319 5384 idsvc - ok
00:29:44.0829 5384 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\windows\system32\DRIVERS\igdkmd64.sys
00:29:45.0089 5384 igfx - ok
00:29:45.0209 5384 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
00:29:45.0209 5384 iirsp - ok
00:29:45.0279 5384 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
00:29:45.0299 5384 IKEEXT - ok
00:29:45.0439 5384 IntcAzAudAddService (b54138716ec5945bae6914ad8da086c0) C:\windows\system32\drivers\RTKVHD64.sys
00:29:45.0469 5384 IntcAzAudAddService - ok
00:29:45.0609 5384 IntcDAud (ae594cc17c33ac146739494615e14851) C:\windows\system32\DRIVERS\IntcDAud.sys
00:29:45.0619 5384 IntcDAud - ok
00:29:45.0659 5384 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
00:29:45.0659 5384 intelide - ok
00:29:45.0739 5384 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
00:29:45.0739 5384 intelppm - ok
00:29:45.0769 5384 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
00:29:45.0769 5384 IPBusEnum - ok
00:29:45.0799 5384 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
00:29:45.0799 5384 IpFilterDriver - ok
00:29:45.0899 5384 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
00:29:45.0909 5384 iphlpsvc - ok
00:29:45.0949 5384 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
00:29:45.0949 5384 IPMIDRV - ok
00:29:46.0009 5384 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
00:29:46.0009 5384 IPNAT - ok
00:29:46.0039 5384 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
00:29:46.0039 5384 IRENUM - ok
00:29:46.0059 5384 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
00:29:46.0059 5384 isapnp - ok
00:29:46.0099 5384 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
00:29:46.0099 5384 iScsiPrt - ok
00:29:46.0129 5384 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
00:29:46.0129 5384 kbdclass - ok
00:29:46.0169 5384 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
00:29:46.0169 5384 kbdhid - ok
00:29:46.0219 5384 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:29:46.0219 5384 KeyIso - ok
00:29:46.0249 5384 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
00:29:46.0259 5384 KSecDD - ok
00:29:46.0289 5384 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
00:29:46.0289 5384 KSecPkg - ok
00:29:46.0369 5384 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
00:29:46.0369 5384 ksthunk - ok
00:29:46.0419 5384 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
00:29:46.0429 5384 KtmRm - ok
00:29:46.0489 5384 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
00:29:46.0489 5384 LanmanServer - ok
00:29:46.0539 5384 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
00:29:46.0539 5384 LanmanWorkstation - ok
00:29:46.0619 5384 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
00:29:46.0619 5384 lltdio - ok
00:29:46.0679 5384 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
00:29:46.0679 5384 lltdsvc - ok
00:29:46.0699 5384 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
00:29:46.0699 5384 lmhosts - ok
00:29:46.0809 5384 LMS (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:29:46.0809 5384 LMS - ok
00:29:46.0889 5384 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
00:29:46.0889 5384 LSI_FC - ok
00:29:46.0919 5384 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
00:29:46.0919 5384 LSI_SAS - ok
00:29:46.0929 5384 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
00:29:46.0929 5384 LSI_SAS2 - ok
00:29:46.0949 5384 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
00:29:46.0949 5384 LSI_SCSI - ok
00:29:46.0969 5384 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
00:29:46.0979 5384 luafv - ok
00:29:47.0059 5384 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
00:29:47.0059 5384 McComponentHostService - ok
00:29:47.0109 5384 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
00:29:47.0109 5384 Mcx2Svc - ok
00:29:47.0129 5384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
00:29:47.0129 5384 megasas - ok
00:29:47.0159 5384 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
00:29:47.0169 5384 MegaSR - ok
00:29:47.0199 5384 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
00:29:47.0199 5384 MEIx64 - ok
00:29:47.0229 5384 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
00:29:47.0239 5384 MMCSS - ok
00:29:47.0249 5384 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
00:29:47.0259 5384 Modem - ok
00:29:47.0329 5384 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
00:29:47.0329 5384 monitor - ok
00:29:47.0369 5384 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
00:29:47.0369 5384 mouclass - ok
00:29:47.0429 5384 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
00:29:47.0439 5384 mouhid - ok
00:29:47.0469 5384 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
00:29:47.0479 5384 mountmgr - ok
00:29:47.0569 5384 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:29:47.0579 5384 MozillaMaintenance - ok
00:29:47.0619 5384 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
00:29:47.0619 5384 mpio - ok
00:29:47.0659 5384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
00:29:47.0659 5384 mpsdrv - ok
00:29:47.0759 5384 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
00:29:47.0779 5384 MpsSvc - ok
00:29:47.0859 5384 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
00:29:47.0859 5384 MRxDAV - ok
00:29:47.0899 5384 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
00:29:47.0909 5384 mrxsmb - ok
00:29:47.0969 5384 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
00:29:47.0979 5384 mrxsmb10 - ok
00:29:48.0009 5384 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
00:29:48.0009 5384 mrxsmb20 - ok
00:29:48.0039 5384 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
00:29:48.0039 5384 msahci - ok
00:29:48.0109 5384 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
00:29:48.0119 5384 msdsm - ok
00:29:48.0149 5384 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
00:29:48.0159 5384 MSDTC - ok
00:29:48.0229 5384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
00:29:48.0229 5384 Msfs - ok
00:29:48.0249 5384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
00:29:48.0249 5384 mshidkmdf - ok
00:29:48.0279 5384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
00:29:48.0279 5384 msisadrv - ok
00:29:48.0449 5384 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
00:29:48.0449 5384 MSiSCSI - ok
00:29:48.0459 5384 msiserver - ok
00:29:48.0489 5384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
00:29:48.0499 5384 MSKSSRV - ok
00:29:48.0539 5384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
00:29:48.0539 5384 MSPCLOCK - ok
00:29:48.0559 5384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
00:29:48.0559 5384 MSPQM - ok
00:29:48.0599 5384 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
00:29:48.0599 5384 MsRPC - ok
00:29:48.0669 5384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
00:29:48.0679 5384 mssmbios - ok
00:29:48.0699 5384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
00:29:48.0699 5384 MSTEE - ok
00:29:48.0719 5384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
00:29:48.0719 5384 MTConfig - ok
00:29:48.0729 5384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
00:29:48.0729 5384 Mup - ok
00:29:48.0819 5384 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:29:48.0829 5384 MyWiFiDHCPDNS - ok
00:29:48.0879 5384 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
00:29:48.0889 5384 napagent - ok
00:29:48.0989 5384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
00:29:48.0989 5384 NativeWifiP - ok
00:29:49.0089 5384 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
00:29:49.0109 5384 NDIS - ok
00:29:49.0189 5384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
00:29:49.0189 5384 NdisCap - ok
00:29:49.0209 5384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
00:29:49.0219 5384 NdisTapi - ok
00:29:49.0249 5384 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
00:29:49.0249 5384 Ndisuio - ok
00:29:49.0309 5384 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
00:29:49.0309 5384 NdisWan - ok
00:29:49.0349 5384 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
00:29:49.0359 5384 NDProxy - ok
00:29:49.0389 5384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
00:29:49.0389 5384 NetBIOS - ok
00:29:49.0469 5384 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
00:29:49.0469 5384 NetBT - ok
00:29:49.0509 5384 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:29:49.0519 5384 Netlogon - ok
00:29:49.0609 5384 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
00:29:49.0619 5384 Netman - ok
00:29:49.0649 5384 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
00:29:49.0649 5384 netprofm - ok
00:29:49.0749 5384 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:29:49.0759 5384 NetTcpPortSharing - ok
00:29:50.0079 5384 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys
00:29:50.0269 5384 NETwNs64 - ok
00:29:50.0389 5384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
00:29:50.0389 5384 nfrd960 - ok
00:29:50.0449 5384 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
00:29:50.0449 5384 NlaSvc - ok
00:29:50.0629 5384 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:29:50.0649 5384 NOBU - ok
00:29:50.0769 5384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
00:29:50.0769 5384 Npfs - ok
00:29:50.0789 5384 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
00:29:50.0799 5384 nsi - ok
00:29:50.0799 5384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
00:29:50.0809 5384 nsiproxy - ok
00:29:50.0899 5384 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
00:29:50.0919 5384 Ntfs - ok
00:29:51.0049 5384 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
00:29:51.0059 5384 Null - ok
00:29:51.0129 5384 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\windows\system32\DRIVERS\nusb3hub.sys
00:29:51.0129 5384 nusb3hub - ok
00:29:51.0169 5384 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\windows\system32\DRIVERS\nusb3xhc.sys
00:29:51.0169 5384 nusb3xhc - ok
00:29:51.0629 5384 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\windows\system32\DRIVERS\nvlddmkm.sys
00:29:51.0699 5384 nvlddmkm - ok
00:29:51.0859 5384 nvpciflt (680c5baf7d0190b1485068fc4ba75f1c) C:\windows\system32\DRIVERS\nvpciflt.sys
00:29:51.0859 5384 nvpciflt - ok
00:29:51.0919 5384 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
00:29:51.0919 5384 nvraid - ok
00:29:51.0939 5384 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
00:29:51.0939 5384 nvstor - ok
00:29:52.0069 5384 NVSvc (147b0d17255fd796f990cc6f745605c5) C:\windows\system32\nvvsvc.exe
00:29:52.0089 5384 NVSvc - ok
00:29:52.0269 5384 nvUpdatusService (812bf9531c827e1d8029843cddb2b5d6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:29:52.0289 5384 nvUpdatusService - ok
00:29:52.0439 5384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
00:29:52.0439 5384 nv_agp - ok
00:29:52.0509 5384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
00:29:52.0509 5384 ohci1394 - ok
00:29:52.0579 5384 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:29:52.0579 5384 ose - ok
00:29:52.0789 5384 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:29:52.0919 5384 osppsvc - ok
00:29:53.0089 5384 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
00:29:53.0089 5384 p2pimsvc - ok
00:29:53.0139 5384 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
00:29:53.0149 5384 p2psvc - ok
00:29:53.0239 5384 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
00:29:53.0239 5384 Parport - ok
00:29:53.0269 5384 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
00:29:53.0269 5384 partmgr - ok
00:29:53.0309 5384 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
00:29:53.0319 5384 PcaSvc - ok
00:29:53.0359 5384 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
00:29:53.0369 5384 pci - ok
00:29:53.0389 5384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
00:29:53.0389 5384 pciide - ok
00:29:53.0429 5384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
00:29:53.0429 5384 pcmcia - ok
00:29:53.0459 5384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
00:29:53.0459 5384 pcw - ok
00:29:53.0499 5384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
00:29:53.0509 5384 PEAUTH - ok
00:29:53.0619 5384 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
00:29:53.0619 5384 PerfHost - ok
00:29:53.0739 5384 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
00:29:53.0769 5384 pla - ok
00:29:53.0879 5384 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
00:29:53.0889 5384 PlugPlay - ok
00:29:53.0909 5384 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
00:29:53.0909 5384 PNRPAutoReg - ok
00:29:53.0939 5384 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
00:29:53.0949 5384 PNRPsvc - ok
00:29:53.0989 5384 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
00:29:53.0999 5384 PolicyAgent - ok
00:29:54.0089 5384 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
00:29:54.0099 5384 Power - ok
00:29:54.0179 5384 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
00:29:54.0189 5384 PptpMiniport - ok
00:29:54.0249 5384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
00:29:54.0249 5384 Processor - ok
00:29:54.0299 5384 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
00:29:54.0299 5384 ProfSvc - ok
00:29:54.0339 5384 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:29:54.0339 5384 ProtectedStorage - ok
00:29:54.0389 5384 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
00:29:54.0389 5384 Psched - ok
00:29:54.0479 5384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
00:29:54.0499 5384 ql2300 - ok
00:29:54.0659 5384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
00:29:54.0669 5384 ql40xx - ok
00:29:54.0709 5384 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
00:29:54.0719 5384 QWAVE - ok
00:29:54.0739 5384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
00:29:54.0739 5384 QWAVEdrv - ok
00:29:54.0759 5384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
00:29:54.0759 5384 RasAcd - ok
00:29:54.0789 5384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
00:29:54.0789 5384 RasAgileVpn - ok
00:29:54.0819 5384 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
00:29:54.0819 5384 RasAuto - ok
00:29:54.0859 5384 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
00:29:54.0869 5384 Rasl2tp - ok
00:29:54.0959 5384 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
00:29:54.0969 5384 RasMan - ok
00:29:54.0999 5384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
00:29:55.0009 5384 RasPppoe - ok
00:29:55.0019 5384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
00:29:55.0019 5384 RasSstp - ok
00:29:55.0069 5384 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
00:29:55.0069 5384 rdbss - ok
00:29:55.0089 5384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
00:29:55.0089 5384 rdpbus - ok
00:29:55.0109 5384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
00:29:55.0109 5384 RDPCDD - ok
00:29:55.0179 5384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
00:29:55.0179 5384 RDPENCDD - ok
00:29:55.0189 5384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
00:29:55.0189 5384 RDPREFMP - ok
00:29:55.0229 5384 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
00:29:55.0229 5384 RDPWD - ok
00:29:55.0319 5384 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
00:29:55.0319 5384 rdyboost - ok
00:29:55.0479 5384 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:29:55.0489 5384 RegSrvc - ok
00:29:55.0559 5384 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
00:29:55.0569 5384 RemoteAccess - ok
00:29:55.0609 5384 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
00:29:55.0609 5384 RemoteRegistry - ok
00:29:55.0749 5384 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
00:29:55.0749 5384 RichVideo - ok
00:29:55.0809 5384 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
00:29:55.0819 5384 RpcEptMapper - ok
00:29:55.0849 5384 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
00:29:55.0849 5384 RpcLocator - ok
00:29:55.0909 5384 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
00:29:55.0919 5384 RpcSs - ok
00:29:55.0989 5384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
00:29:55.0999 5384 rspndr - ok
00:29:56.0049 5384 RTL8167 (bfe0ef0c4c15820698f50ad73af5e35f) C:\windows\system32\DRIVERS\Rt64win7.sys
00:29:56.0049 5384 RTL8167 - ok
00:29:56.0179 5384 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
00:29:56.0179 5384 rtport - ok
00:29:56.0259 5384 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
00:29:56.0259 5384 SABI - ok
00:29:56.0299 5384 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:29:56.0299 5384 SamSs - ok
00:29:56.0349 5384 Samsung UPD Service (d641337b75b9a9d5ae10687aa1097755) C:\windows\System32\SUPDSvc.exe
00:29:56.0359 5384 Samsung UPD Service - ok
00:29:56.0459 5384 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:29:56.0459 5384 SASDIFSV - ok
00:29:56.0519 5384 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:29:56.0519 5384 SASKUTIL - ok
00:29:56.0569 5384 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
00:29:56.0569 5384 sbp2port - ok
00:29:56.0599 5384 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
00:29:56.0609 5384 SCardSvr - ok
00:29:56.0679 5384 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
00:29:56.0679 5384 scfilter - ok
00:29:56.0759 5384 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
00:29:56.0779 5384 Schedule - ok
00:29:56.0809 5384 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
00:29:56.0819 5384 SCPolicySvc - ok
00:29:56.0849 5384 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
00:29:56.0849 5384 SDRSVC - ok
00:29:56.0979 5384 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:29:56.0989 5384 SeaPort - ok
00:29:57.0059 5384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
00:29:57.0059 5384 secdrv - ok
00:29:57.0089 5384 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
00:29:57.0089 5384 seclogon - ok
00:29:57.0159 5384 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
00:29:57.0169 5384 SENS - ok
00:29:57.0179 5384 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
00:29:57.0189 5384 SensrSvc - ok
00:29:57.0199 5384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
00:29:57.0199 5384 Serenum - ok
00:29:57.0229 5384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
00:29:57.0229 5384 Serial - ok
00:29:57.0309 5384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
00:29:57.0319 5384 sermouse - ok
00:29:57.0349 5384 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
00:29:57.0359 5384 SessionEnv - ok
00:29:57.0389 5384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
00:29:57.0389 5384 sffdisk - ok
00:29:57.0399 5384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
00:29:57.0399 5384 sffp_mmc - ok
00:29:57.0409 5384 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
00:29:57.0409 5384 sffp_sd - ok
00:29:57.0429 5384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
00:29:57.0429 5384 sfloppy - ok
00:29:57.0539 5384 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
00:29:57.0549 5384 Sftfs - ok
00:29:57.0669 5384 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:29:57.0669 5384 sftlist - ok
00:29:57.0719 5384 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
00:29:57.0719 5384 Sftplay - ok
00:29:57.0729 5384 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
00:29:57.0729 5384 Sftredir - ok
00:29:57.0769 5384 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
00:29:57.0769 5384 Sftvol - ok
00:29:57.0819 5384 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:29:57.0829 5384 sftvsa - ok
00:29:57.0929 5384 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
00:29:57.0939 5384 SharedAccess - ok
00:29:58.0019 5384 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
00:29:58.0019 5384 ShellHWDetection - ok
00:29:58.0069 5384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
00:29:58.0069 5384 SiSRaid2 - ok
00:29:58.0089 5384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
00:29:58.0089 5384 SiSRaid4 - ok
00:29:58.0179 5384 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:29:58.0179 5384 SkypeUpdate - ok
00:29:58.0209 5384 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
00:29:58.0219 5384 Smb - ok
00:29:58.0279 5384 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
00:29:58.0279 5384 SNMPTRAP - ok
00:29:58.0319 5384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
00:29:58.0319 5384 spldr - ok
00:29:58.0379 5384 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
00:29:58.0389 5384 Spooler - ok
00:29:58.0549 5384 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
00:29:58.0639 5384 sppsvc - ok
00:29:58.0759 5384 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
00:29:58.0759 5384 sppuinotify - ok
00:29:58.0839 5384 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
00:29:58.0839 5384 srv - ok
00:29:58.0869 5384 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
00:29:58.0879 5384 srv2 - ok
00:29:58.0899 5384 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
00:29:58.0909 5384 srvnet - ok
00:29:58.0989 5384 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
00:29:58.0999 5384 SSDPSRV - ok
00:29:59.0039 5384 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
00:29:59.0039 5384 SSPORT - ok
00:29:59.0089 5384 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
00:29:59.0099 5384 SstpSvc - ok
00:29:59.0149 5384 Steam Client Service - ok
00:29:59.0189 5384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
00:29:59.0189 5384 stexstor - ok
00:29:59.0289 5384 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
00:29:59.0299 5384 StillCam - ok
00:29:59.0359 5384 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
00:29:59.0369 5384 stisvc - ok
00:29:59.0399 5384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
00:29:59.0399 5384 swenum - ok
00:29:59.0449 5384 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
00:29:59.0459 5384 swprv - ok
00:29:59.0579 5384 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
00:29:59.0589 5384 SysMain - ok
00:29:59.0749 5384 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
00:29:59.0759 5384 TabletInputService - ok
00:29:59.0819 5384 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
00:29:59.0829 5384 TapiSrv - ok
00:29:59.0869 5384 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
00:29:59.0869 5384 TBS - ok
00:30:00.0039 5384 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
00:30:00.0059 5384 Tcpip - ok
00:30:00.0319 5384 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
00:30:00.0339 5384 TCPIP6 - ok
00:30:00.0489 5384 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
00:30:00.0489 5384 tcpipreg - ok
00:30:00.0529 5384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
00:30:00.0539 5384 TDPIPE - ok
00:30:00.0559 5384 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
00:30:00.0569 5384 TDTCP - ok
00:30:00.0599 5384 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
00:30:00.0599 5384 tdx - ok
00:30:00.0639 5384 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
00:30:00.0649 5384 TermDD - ok
00:30:00.0699 5384 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
00:30:00.0709 5384 TermService - ok
00:30:00.0739 5384 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
00:30:00.0739 5384 Themes - ok
00:30:00.0779 5384 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
00:30:00.0779 5384 THREADORDER - ok
00:30:00.0789 5384 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
00:30:00.0789 5384 TrkWks - ok
00:30:00.0869 5384 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
00:30:00.0869 5384 TrustedInstaller - ok
00:30:00.0939 5384 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
00:30:00.0939 5384 tssecsrv - ok
00:30:00.0979 5384 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
00:30:00.0989 5384 TsUsbFlt - ok
00:30:01.0069 5384 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
00:30:01.0079 5384 tunnel - ok
00:30:01.0109 5384 TurboB (48743b69ea47c020a792d8649f753f44) C:\windows\system32\DRIVERS\TurboB.sys
00:30:01.0119 5384 TurboB - ok
00:30:01.0239 5384 TurboBoost (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:30:01.0249 5384 TurboBoost - ok
00:30:01.0279 5384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
00:30:01.0279 5384 uagp35 - ok
00:30:01.0319 5384 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
00:30:01.0329 5384 udfs - ok
00:30:01.0369 5384 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
00:30:01.0369 5384 UI0Detect - ok
00:30:01.0449 5384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
00:30:01.0459 5384 uliagpkx - ok
00:30:01.0489 5384 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
00:30:01.0499 5384 umbus - ok
00:30:01.0559 5384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
00:30:01.0559 5384 UmPass - ok
00:30:01.0749 5384 UNS (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:30:01.0789 5384 UNS - ok
00:30:01.0899 5384 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
00:30:01.0909 5384 upnphost - ok
00:30:01.0989 5384 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
00:30:01.0999 5384 usbccgp - ok
00:30:02.0049 5384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
00:30:02.0049 5384 usbcir - ok
00:30:02.0069 5384 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
00:30:02.0079 5384 usbehci - ok
00:30:02.0119 5384 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
00:30:02.0119 5384 usbhub - ok
00:30:02.0159 5384 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
00:30:02.0159 5384 usbohci - ok
00:30:02.0229 5384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
00:30:02.0229 5384 usbprint - ok
00:30:02.0259 5384 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
00:30:02.0259 5384 usbscan - ok
00:30:02.0279 5384 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:30:02.0279 5384 USBSTOR - ok
00:30:02.0309 5384 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
00:30:02.0309 5384 usbuhci - ok
00:30:02.0399 5384 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
00:30:02.0409 5384 usbvideo - ok
00:30:02.0439 5384 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
00:30:02.0449 5384 UxSms - ok
00:30:02.0509 5384 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:30:02.0509 5384 VaultSvc - ok
00:30:02.0559 5384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
00:30:02.0559 5384 vdrvroot - ok
00:30:02.0609 5384 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
00:30:02.0629 5384 vds - ok
00:30:02.0679 5384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:30:02.0679 5384 vga - ok
00:30:02.0699 5384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:30:02.0699 5384 VgaSave - ok
00:30:02.0729 5384 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
00:30:02.0739 5384 vhdmp - ok
00:30:02.0769 5384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:30:02.0769 5384 viaide - ok
00:30:02.0809 5384 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
00:30:02.0819 5384 volmgr - ok
00:30:02.0869 5384 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
00:30:02.0879 5384 volmgrx - ok
00:30:02.0929 5384 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
00:30:02.0939 5384 volsnap - ok
00:30:03.0009 5384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
00:30:03.0009 5384 vsmraid - ok
00:30:03.0109 5384 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
00:30:03.0139 5384 VSS - ok
00:30:03.0289 5384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:30:03.0289 5384 vwifibus - ok
00:30:03.0359 5384 VWiFiFlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys
00:30:03.0359 5384 VWiFiFlt - ok
00:30:03.0389 5384 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys
00:30:03.0389 5384 vwifimp - ok
00:30:03.0429 5384 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
00:30:03.0439 5384 W32Time - ok
00:30:03.0469 5384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
00:30:03.0469 5384 WacomPen - ok
00:30:03.0539 5384 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:30:03.0539 5384 WANARP - ok
00:30:03.0549 5384 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:30:03.0549 5384 Wanarpv6 - ok
00:30:03.0639 5384 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
00:30:03.0659 5384 WatAdminSvc - ok
00:30:03.0739 5384 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
00:30:03.0769 5384 wbengine - ok
00:30:03.0899 5384 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
00:30:03.0909 5384 WbioSrvc - ok
00:30:03.0959 5384 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
00:30:03.0969 5384 wcncsvc - ok
00:30:04.0039 5384 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
00:30:04.0049 5384 WcsPlugInService - ok
00:30:04.0109 5384 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
00:30:04.0109 5384 Wd - ok
00:30:04.0139 5384 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
00:30:04.0149 5384 WDC_SAM - ok
00:30:04.0199 5384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:30:04.0209 5384 Wdf01000 - ok
00:30:04.0239 5384 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:30:04.0239 5384 WdiServiceHost - ok
00:30:04.0239 5384 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:30:04.0249 5384 WdiSystemHost - ok
00:30:04.0289 5384 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys
00:30:04.0289 5384 wdkmd - ok
00:30:04.0319 5384 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
00:30:04.0319 5384 WebClient - ok
00:30:04.0399 5384 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
00:30:04.0399 5384 Wecsvc - ok
00:30:04.0419 5384 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
00:30:04.0429 5384 wercplsupport - ok
00:30:04.0449 5384 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
00:30:04.0459 5384 WerSvc - ok
00:30:04.0529 5384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:30:04.0529 5384 WfpLwf - ok
00:30:04.0559 5384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:30:04.0559 5384 WIMMount - ok
00:30:04.0629 5384 WinDefend - ok
00:30:04.0639 5384 WinHttpAutoProxySvc - ok
00:30:04.0689 5384 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
00:30:04.0689 5384 Winmgmt - ok
00:30:04.0849 5384 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
00:30:04.0869 5384 WinRM - ok
00:30:05.0049 5384 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
00:30:05.0059 5384 WinUsb - ok
00:30:05.0119 5384 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
00:30:05.0139 5384 Wlansvc - ok
00:30:05.0249 5384 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:30:05.0249 5384 wlcrasvc - ok
00:30:05.0369 5384 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:30:05.0399 5384 wlidsvc - ok
00:30:05.0569 5384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
00:30:05.0569 5384 WmiAcpi - ok
00:30:05.0619 5384 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
00:30:05.0629 5384 wmiApSrv - ok
00:30:05.0649 5384 WMPNetworkSvc - ok
00:30:05.0679 5384 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
00:30:05.0679 5384 WPCSvc - ok
00:30:05.0739 5384 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
00:30:05.0739 5384 WPDBusEnum - ok
00:30:05.0769 5384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:30:05.0769 5384 ws2ifsl - ok
00:30:05.0809 5384 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
00:30:05.0809 5384 wscsvc - ok
00:30:05.0809 5384 WSearch - ok
00:30:05.0949 5384 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
00:30:05.0969 5384 wuauserv - ok
00:30:06.0129 5384 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
00:30:06.0139 5384 WudfPf - ok
00:30:06.0169 5384 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
00:30:06.0179 5384 WUDFRd - ok
00:30:06.0219 5384 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
00:30:06.0219 5384 wudfsvc - ok
00:30:06.0259 5384 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
00:30:06.0269 5384 WwanSvc - ok
00:30:06.0349 5384 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
00:30:06.0579 5384 \Device\Harddisk0\DR0 - ok
00:30:06.0579 5384 Boot (0x1200) (fb05a3756a8fbf06ab31dcb5a1393388) \Device\Harddisk0\DR0\Partition0
00:30:06.0589 5384 \Device\Harddisk0\DR0\Partition0 - ok
00:30:06.0599 5384 Boot (0x1200) (e7985e10b1fd477c4aed2845c7d4ecdf) \Device\Harddisk0\DR0\Partition1
00:30:06.0599 5384 \Device\Harddisk0\DR0\Partition1 - ok
00:30:06.0629 5384 Boot (0x1200) (cc664193686d6ece8dba5f3ed3e0343d) \Device\Harddisk0\DR0\Partition2
00:30:06.0629 5384 \Device\Harddisk0\DR0\Partition2 - ok
00:30:06.0629 5384 ============================================================
00:30:06.0629 5384 Scan finished
00:30:06.0629 5384 ============================================================
00:30:06.0639 3460 Detected object count: 0
00:30:06.0639 3460 Actual detected object count: 0





And






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 00:31:14
-----------------------------
00:31:14.168 OS Version: Windows x64 6.1.7601 Service Pack 1
00:31:14.168 Number of processors: 4 586 0x2A07
00:31:14.168 ComputerName: MOPREME UserName: Inuk
00:31:14.588 Initialize success
00:31:22.568 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:31:22.568 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
00:31:22.578 Disk 0 MBR read successfully
00:31:22.588 Disk 0 MBR scan
00:31:22.588 Disk 0 unknown MBR code
00:31:22.598 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:31:22.608 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 205824 MB offset 206848
00:31:22.618 Disk 0 Partition - 00 0F Extended LBA 382547 MB offset 421734400
00:31:22.648 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 22006 MB offset 1205190656
00:31:22.688 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 382546 MB offset 421736448
00:31:22.788 Disk 0 scanning C:\windows\system32\drivers
00:31:31.708 Service scanning
00:31:52.558 Modules scanning
00:31:52.568 Disk 0 trace - called modules:
00:31:52.588 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
00:31:52.598 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e4f060]
00:31:52.608 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f43050]
00:31:52.618 Scan finished successfully
00:32:07.808 Disk 0 MBR has been saved successfully to "C:\Users\Inuk\Desktop\MBR.dat"
00:32:07.808 The log file has been saved successfully to "C:\Users\Inuk\Desktop\aswMBR.txt"

Edited by Jukeboxx, 27 July 2012 - 11:32 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 27 July 2012 - 11:59 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Jukeboxx

Jukeboxx
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 28 July 2012 - 10:19 AM

I think I must inform you that before I started running the script the computer gave me quite as scare as I turned it on but realized soon the system file could not find the desktop and all of its icons were gone. The problem is fixed now, but is this anything I should worry about?

ComboFix 12-07-27.03 - Inuk 07/28/2012 10:50:44.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.4138 [GMT -4:00]
Running from: c:\users\Inuk\Downloads\ComboFix.exe
Command switches used :: c:\users\Inuk\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_8b1f.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 14:57 . 2012-07-28 14:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-28 14:57 . 2012-07-28 14:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 14:41 . 2012-07-28 14:41 -------- d-----w- c:\users\Default\AppData\Roaming\Intel
2012-07-28 14:41 . 2012-07-28 14:41 -------- d-----w- c:\users\Default\AppData\Local\Power2Go
2012-07-27 16:39 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33D062A9-2BC7-4452-BDC3-0B51BA9D098C}\mpengine.dll
2012-07-18 19:13 . 2012-07-18 19:13 -------- d-----w- c:\program files (x86)\ESET
2012-07-12 18:49 . 2012-07-12 18:49 -------- d-----w- c:\programdata\SUPERSetup
2012-07-12 18:35 . 2012-07-12 18:35 -------- d-----w- c:\users\Inuk\AppData\Roaming\SUPERAntiSpyware.com
2012-07-12 18:35 . 2012-07-12 18:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-12 18:35 . 2012-07-12 18:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-12 15:09 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 02:36 . 2012-07-12 02:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:39 . 2012-04-09 19:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 22:39 . 2011-05-29 20:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 15:06 . 2011-06-21 02:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-05-29 20:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 16:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 16:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 16:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 16:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 16:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 16:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 16:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 16:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 16:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-12 17:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 17:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 17:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 17:56 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_16.25.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-28 14:57 . 2012-07-28 14:57 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-07-27 16:24 . 2012-07-27 16:24 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-03-16 10:38 . 2012-07-28 14:45 49668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-28 14:45 35932 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-30 01:12 . 2012-07-28 14:45 15192 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3007334548-303238922-589925700-1001_UserData.bin
+ 2011-06-18 02:00 . 2012-07-27 16:33 5930 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-27 16:25 . 2012-07-27 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 14:58 . 2012-07-28 14:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 14:58 . 2012-07-28 14:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-27 16:25 . 2012-07-27 16:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-30 00:10 . 2012-07-28 04:18 276202 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-07-27 15:41 624864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 15:02 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-27 15:41 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-28 15:02 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-28 14:57 233276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-27 16:24 233276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-30 00:15 . 2012-07-28 14:57 27167364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3007334548-303238922-589925700-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-11 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/03/16 18:22;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-01-17 25960]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-07 11576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-12-29 207656]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-03 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-03 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-25 409192]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-11-30 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:39]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 03:37]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-31 03:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Inuk\AppData\Roaming\Mozilla\Firefox\Profiles\km5bo8cz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20111214
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111214&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\Cyberlink\Shared files\brs.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2012-07-28 11:13:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 15:13
ComboFix2.txt 2012-07-27 16:32
.
Pre-Run: 146,180,665,344 bytes free
Post-Run: 146,047,483,904 bytes free
.
- - End Of File - - A61B9A06309639D4FF0063C2AD5C3530

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 28 July 2012 - 12:09 PM

Hello

It is something to keep an eye on.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Jukeboxx

Jukeboxx
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 30 July 2012 - 02:37 PM

Thanks a bunch, Gringo!

???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Agatha Christie - Death on the Nile
Ask Toolbar
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bejeweled 2 Deluxe
BFlix Toolbar
Bing Bar
Brother MFL-Pro Suite MFC-8660DN
Build-a-lot
ChargeableUSB
Chuzzle Deluxe
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CyberLink Media Suite
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Day of Defeat
Diner Dash 2 Restaurant Rescue
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ESET Online Scanner v3
Farm Frenzy
Fast Start
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GOM Player
Google Chrome
Google Update Helper
Half-Life
Half-Life 2
Insaniquarium Deluxe
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
John Deere Drive Green
Juniper Networks Host Checker
Juniper Networks, Inc. Setup Client
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Color Enhancer
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (3.1.13)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia POP
Norton Online Backup
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
Spotify
Steam
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.01 (32-bit)
Zuma Deluxe

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 30 July 2012 - 09:18 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.1
Ask Toolbar
BFlix Toolbar
Bing Bar
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 02 August 2012 - 11:25 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Jukeboxx

Jukeboxx
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 04 August 2012 - 06:23 PM

Sorry for the late response. Been a little busy lately. Here is the MBAM log and the HIJACKTHIS log. When I ran it it says that it wouldn't be able to make changes to the Host file. The only other problem I had was when I was uninstalling Ask toolbar with Revo. It said that it wasn't able to remove a toolbar.dll file.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Inuk :: MOPREME [administrator]

8/4/2012 7:18:41 PM
mbam-log-2012-08-04 (19-18-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213514
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:24:08 PM, on 8/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Users\Inuk\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: GOM Player + Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.pb3476.org/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: CyberLink Product - 2011/03/16 18:22:46 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10754 bytes

Edited by Jukeboxx, 04 August 2012 - 06:26 PM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 04 August 2012 - 07:02 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 06 August 2012 - 11:18 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 PM

Posted 10 August 2012 - 07:20 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users