Trojan.Maljavagen23 & various PUBs

Solved
By glhglh
Aug 1, 2012
  1. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    In order to post the above, I rebooted, opened TechSpot, and it took three times to post. The only way I get to post is to have my left hand ready to paste, and the mouse on the post reply button, and post it right away.

    This is strange.
  2. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Is there a program to see if the network or router has been hacked, and someone is using it to send things out?

    When I find that one of the computers' connection has been changed from domain.local to public network #2, and look at the local area connection status, the "sent" activity is higher by a factor of 10 than the received. Different than when it is right.
  3. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

  4. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-07 15:02:41 Run:1
    Running from E:\
    ==============================================

    The operation completed successfully.
    The operation completed successfully.
    ==== End of Fixlog ====
  5. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    15:10:45.0254 2756 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    15:10:45.0332 2756 ============================================================
    15:10:45.0332 2756 Current date / time: 2012/08/07 15:10:45.0332
    15:10:45.0332 2756 SystemInfo:
    15:10:45.0332 2756
    15:10:45.0332 2756 OS Version: 6.0.6002 ServicePack: 2.0
    15:10:45.0332 2756 Product type: Workstation
    15:10:45.0332 2756 ComputerName: BEN-DEL
    15:10:45.0332 2756 UserName: Benjamin
    15:10:45.0332 2756 Windows directory: C:\Windows
    15:10:45.0332 2756 System windows directory: C:\Windows
    15:10:45.0332 2756 Processor architecture: Intel x86
    15:10:45.0332 2756 Number of processors: 2
    15:10:45.0332 2756 Page size: 0x1000
    15:10:45.0332 2756 Boot type: Normal boot
    15:10:45.0332 2756 ============================================================
    15:10:47.0438 2756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:10:47.0453 2756 Drive \Device\Harddisk1\DR1 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:10:47.0453 2756 ============================================================
    15:10:47.0453 2756 \Device\Harddisk0\DR0:
    15:10:47.0453 2756 MBR partitions:
    15:10:47.0453 2756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    15:10:47.0453 2756 \Device\Harddisk1\DR1:
    15:10:47.0453 2756 MBR partitions:
    15:10:47.0453 2756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
    15:10:47.0453 2756 ============================================================
    15:10:47.0516 2756 C: <-> \Device\Harddisk0\DR0\Partition0
    15:10:47.0516 2756 ============================================================
    15:10:47.0516 2756 Initialize success
    15:10:47.0516 2756 ============================================================
    15:10:57.0235 2148 ============================================================
    15:10:57.0250 2148 Scan started
    15:10:57.0250 2148 Mode: Manual;
    15:10:57.0250 2148 ============================================================
  6. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    15:11:41.0320 2148 pci - ok
    15:11:41.0383 2148 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    15:11:41.0398 2148 pciide - ok
    15:11:41.0523 2148 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
    15:11:41.0554 2148 pcmcia - ok
    15:11:41.0835 2148 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    15:11:42.0053 2148 PEAUTH - ok
    15:11:43.0005 2148 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    15:11:43.0301 2148 pla - ok
    15:11:43.0988 2148 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    15:11:44.0003 2148 PlugPlay - ok
    15:11:44.0159 2148 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:11:44.0175 2148 PNRPAutoReg - ok
    15:11:44.0206 2148 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:11:44.0222 2148 PNRPsvc - ok
    15:11:44.0471 2148 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
    15:11:44.0487 2148 PolicyAgent - ok
    15:11:44.0643 2148 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    15:11:44.0659 2148 PptpMiniport - ok
    15:11:44.0721 2148 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    15:11:44.0752 2148 Processor - ok
    15:11:44.0877 2148 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
    15:11:44.0877 2148 ProfSvc - ok
    15:11:44.0971 2148 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:11:44.0971 2148 ProtectedStorage - ok
    15:11:45.0049 2148 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    15:11:45.0064 2148 PSched - ok
    15:11:45.0657 2148 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    15:11:46.0359 2148 ql2300 - ok
    15:11:46.0702 2148 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    15:11:46.0749 2148 ql40xx - ok
    15:11:46.0999 2148 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    15:11:47.0030 2148 QWAVE - ok
    15:11:47.0092 2148 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    15:11:47.0092 2148 QWAVEdrv - ok
    15:11:47.0170 2148 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    15:11:47.0186 2148 RasAcd - ok
    15:11:47.0435 2148 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    15:11:47.0451 2148 RasAuto - ok
    15:11:47.0638 2148 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:11:47.0716 2148 Rasl2tp - ok
    15:11:48.0278 2148 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
    15:11:48.0325 2148 RasMan - ok
    15:11:48.0403 2148 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:11:48.0418 2148 RasPppoe - ok
    15:11:48.0559 2148 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    15:11:48.0559 2148 RasSstp - ok
    15:11:48.0777 2148 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    15:11:48.0855 2148 rdbss - ok
    15:11:48.0917 2148 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:11:48.0949 2148 RDPCDD - ok
    15:11:49.0307 2148 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
    15:11:49.0354 2148 rdpdr - ok
    15:11:49.0417 2148 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    15:11:49.0417 2148 RDPENCDD - ok
    15:11:49.0682 2148 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
    15:11:49.0697 2148 RDPWD - ok
    15:11:49.0822 2148 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    15:11:49.0869 2148 RemoteAccess - ok
    15:11:50.0072 2148 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
    15:11:50.0087 2148 RemoteRegistry - ok
    15:11:50.0165 2148 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    15:11:50.0181 2148 RpcLocator - ok
    15:11:50.0977 2148 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    15:11:50.0992 2148 RpcSs - ok
    15:11:51.0101 2148 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    15:11:51.0117 2148 rspndr - ok
    15:11:51.0211 2148 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:11:51.0226 2148 SamSs - ok
    15:11:51.0460 2148 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    15:11:51.0491 2148 sbp2port - ok
    15:11:51.0881 2148 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
    15:11:51.0881 2148 SCardSvr - ok
    15:11:52.0739 2148 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
    15:11:52.0880 2148 Schedule - ok
    15:11:52.0989 2148 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    15:11:52.0989 2148 SCPolicySvc - ok
    15:11:53.0114 2148 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    15:11:53.0129 2148 SDRSVC - ok
    15:11:53.0176 2148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    15:11:53.0176 2148 secdrv - ok
    15:11:53.0254 2148 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    15:11:53.0254 2148 seclogon - ok
    15:11:53.0301 2148 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
    15:11:53.0317 2148 SENS - ok
    15:11:53.0769 2148 SepMasterService (7e2c360b6cc0d87b8ef38439b53dfc71) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    15:11:53.0769 2148 SepMasterService - ok
    15:11:53.0847 2148 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    15:11:53.0847 2148 Serenum - ok
    15:11:54.0034 2148 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
    15:11:54.0050 2148 Serial - ok
    15:11:54.0143 2148 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    15:11:54.0159 2148 sermouse - ok
    15:11:54.0331 2148 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    15:11:54.0346 2148 SessionEnv - ok
    15:11:54.0409 2148 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
  7. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    15:13:02.0659 2148 ============================================================
    15:13:02.0659 2148 Scan finished
    15:13:02.0659 2148 ============================================================
    15:13:02.0690 3184 Detected object count: 0
    15:13:02.0690 3184 Actual detected object count: 0

    Description:
    A problem caused this program to stop interacting with Windows.
    Files that help describe the problem:
    C:\Users\garyh\AppData\Local\Temp\WER5FE1.tmp.hdmp
    C:\Users\garyh\AppData\Local\Temp\WER6F8B.tmp.xml
    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
  8. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  9. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Combofix made it all the way through 50 stages. Deleted many many many files (some I had recognized, and disabled in the Startup, prior to coming to you), rebooted, in the "preparing Log Report", Do not run any programs until ComboFix has Finished.
    "This application has requested the runtime to terminate in an unusual way. Please contact the application's support team for more information." in the combofix box

    Also, a Windows box opened. "PEV.exe has stopped working"

    "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".

    Shall I close?
  10. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    If you can simply OK that window and Combofix is still running, let it run.
    If not, re-run Combofix from safe mode.
  11. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    ComboFix 12-08-07.03 - Benjamin 08/07/2012 16:36:34.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1241 [GMT -7:00]
    Running from: c:\users\Benjamin\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\injection_button.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\popups.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\printerExternalAccessFF.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome.manifest
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\background.html
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\browser.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossrider.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossriderapi.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\dialog.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\search_dialog.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\update.html
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\defaults\preferences\prefs.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\install.rdf
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\locale\en-US\translations.dtd
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button1.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button2.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button3.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button4.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button5.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\crossrider_statusbar.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon24.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon48.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\panelarrow-up.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.css
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.html
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup_binding.xml
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\skin.css
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\update.css
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\install.rdf
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\update.css
    c:\users\Benjamin\Desktop\System Fix.lnk
  12. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 23:55 . 2012-08-08 00:01 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
    2012-08-07 23:55 . 2012-08-07 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 23:55 . 2012-08-07 23:55 -------- d-----w- c:\users\glh\AppData\Local\temp
    2012-08-05 16:53 . 2012-08-05 16:53 -------- d-----w- C:\tdsskiller
    2012-08-04 20:15 . 2012-08-04 20:15 -------- d-----w- C:\FRST
    2012-08-04 05:06 . 2012-08-04 05:13 -------- d-----w- C:\sewf8374ljk
    2012-07-18 02:12 . 2012-07-18 02:12 -------- d-----w- c:\users\Benjamin\AppData\Local\Proxure
    2012-07-18 02:11 . 2012-07-18 02:11 -------- d-----w- c:\programdata\ClubSanDisk
    2012-07-17 21:53 . 2012-07-17 21:53 -------- d-----w- c:\program files\Oracle
    2012-07-17 21:52 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\programdata\McAfee
    2012-07-13 23:47 . 2012-08-07 23:53 -------- d-----w- c:\program files\Web Assistant
    2012-07-13 23:46 . 2012-07-13 23:46 -------- d-----w- c:\users\Benjamin\AppData\Local\Codec-V
    2012-07-13 23:45 . 2012-08-01 20:04 -------- d-----w- c:\program files\Codec-V
    2012-07-13 01:46 . 2012-07-13 01:46 -------- d-----w- c:\programdata\Graboid Inc
    2012-07-12 14:51 . 2012-07-31 23:51 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-07-11 10:22 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 21:33 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 21:33 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 21:33 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 21:33 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 21:33 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 21:33 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-31 23:51 . 2012-04-04 15:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-31 23:51 . 2011-06-06 22:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 05:06 . 2011-04-11 20:13 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-02 22:19 . 2012-06-22 19:07 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 19:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 19:08 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 19:07 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 19:07 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 19:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-22 19:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-22 19:07 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-22 19:07 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-20 00:58 . 2011-09-02 05:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin]
    2011-05-15 22:01 478720 ----a-w- c:\program files\CrossriderWebApps\Crossrider.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
    2012-01-17 03:38 326776 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-06-23 06:11 116648 ----atw- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2011-06-30 10:11 2648184 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:51]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001Core.job
    - c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 06:11]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001UA.job
    - c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 06:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8yUwZmOv&&I=26&search=
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8yUwZmOv&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - b6c58df10000000000000019d2c91e5d
    FF - user.js: extensions.incredibar_i.instlDay - 15534
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8yUwZmOv
    FF - user.js: extensions.incredibar_i.upn2n - 92824700789347371
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 169%5F2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
    SafeBoot-ccEvtMgr
    SafeBoot-ccSetMgr
    SafeBoot-Symantec Antivirus
    SafeBoot-Symantec Antvirus
    MSConfigStartUp-StartNow Search Protect - c:\program files\StartNow Toolbar\search_protect.exe
    MSConfigStartUp-XeroxRegistation - c:\users\Benjamin\AppData\Local\Temp\Xerox\EReg\EReg.exe
    AddRemove-bflixtoolbar - c:\program files\bflixtoolbar\uninstall.exe
    AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-07 17:02
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
    "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
    "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
    c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-07 17:32:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-08 00:32
    .
    Pre-Run: 93,118,554,112 bytes free
    Post-Run: 99,949,010,944 bytes free
    .
    - - End Of File - - 4A0A7BFFF991F4CAD8059F484D0D49A0
  13. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    Looks good :)

    How is the computer doing?

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Working much better. The screen (this is a notebook) still goes blank after about 2 seconds. This may be a hardware problem, or it may just need updated drivers. I'll follow the next directions.
  15. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    mbam won't load. error, host not found. mouse is floating all over. rebooting. try again to load? or go on to otl?
  16. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    You need to give me more details.
    What EXACTLY happens?
    Use more than a few words since I'm not there.
  17. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Basically, I rebooted several times. Then have been busy. When I first tried to load Mbam, there was a message that it couldn't be loaded, because it was marked to be deleted. I tried to delete it, then rebooted, but still a problem. Then used Windows "program &.." to delete it, rebooted a couple of times, and was able to reinstall. Then the updating became a problem, but was able to connect to the internet again on that machine to update.

    Ran Mbam, here is scan :):

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.09.10
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Benjamin :: BEN-DEL [administrator]
    8/9/2012 12:31:27 PM
    mbam-log-2012-08-09 (12-31-27).txt
    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 310699
    Time elapsed: 1 hour(s), 40 minute(s), 45 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  18. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Here is the otl (we should not be using a proxy, I don't think):

    OTL logfile created on: 8/9/2012 3:01:33 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Benjamin\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.49% Memory free
    4.23 Gb Paging File | 3.29 Gb Available in Paging File | 77.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 95.39 Gb Free Space | 64.00% Space Free | Partition Type: NTFS
    Drive E: | 14.91 Gb Total Space | 14.74 Gb Free Space | 98.84% Space Free | Partition Type: NTFS

    Computer Name: BEN-DEL | User Name: Benjamin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/09 12:50:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
    PRC - [2011/08/26 20:26:50 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
    PRC - [2011/08/26 20:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    PRC - [2011/05/15 15:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files\CrossriderWebApps\Crossrider.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/08/09 12:51:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/19 17:58:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
    SRV - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV - [2011/08/26 20:26:54 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
    SRV - [2011/08/26 20:26:50 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
    SRV - [2011/08/26 20:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
    SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\COH_Mon.sys -- (COH_Mon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/08/09 11:41:23 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120808.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2012/08/09 11:38:19 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120808.034\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/08/09 11:38:19 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/09 11:38:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
    DRV - [2012/08/09 11:38:19 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120808.034\NAVENG.SYS -- (NAVENG)
    DRV - [2012/06/21 00:09:23 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120803.011\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/05/30 23:11:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/08/26 20:50:20 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/08/26 20:29:38 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\symtdiv.sys -- (SYMTDIV)
    DRV - [2011/08/26 20:29:34 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys -- (SymEFA)
    DRV - [2011/08/26 20:29:32 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys -- (SymDS)
    DRV - [2011/08/26 20:29:28 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
    DRV - [2011/08/26 20:29:28 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX)
    DRV - [2011/08/26 20:29:26 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
    DRV - [2011/08/26 20:27:34 | 000,050,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
    DRV - [2009/04/10 21:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2008/01/20 19:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
    DRV - [2006/10/13 20:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 6E A8 22 AC 13 CC 01 [binary data]
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes,DefaultScope = {2C9E0EE4-2610-B903-9AF4-523D61CB8099}
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{2C9E0EE4-2610-B903-9AF4-523D61CB8099}: "URL" = http://www.startnow.com/s/?q={searc...89ec&browser=IE&os=win&os_version=6.0-x86-SP2
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{539CCC96-9A5D-429F-8413-00914CB14C4A}: "URL" = http://mp3tubetoolbar.com/?tmp=tool...hTerms}&clid=c6c601be169a43b88e27bf413cc8cd38
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8yUwZmOv&I=26
    IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pin...8e27bf413cc8cd38&subid=&keywords={searchTerms}"
    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8yUwZmOv&&I=26&search="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/06/20 05:11:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/08/09 09:42:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/27 23:55:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/13 16:47:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 17:58:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/17 14:52:54 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 17:58:14 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/17 14:52:54 | 000,000,000 | ---D | M]

    [2011/09/01 22:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Extensions
    [2012/08/07 16:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions
    [2012/07/13 16:47:07 | 000,002,203 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\searchplugins\MyStart Search.xml
    [2012/04/25 08:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/27 23:55:46 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/07/13 16:47:29 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    [2012/08/09 09:42:08 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\12.1.671.4971.105\DATA\IPSFFPLGN
    [2012/07/13 20:05:45 | 000,087,148 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\{24CEA704-946D-11DA-A72B-0800200C9A66}.XPI
    File not found (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    File not found (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\CROSSRIDERAPP435@CROSSRIDER.COM
    [2012/07/13 20:05:45 | 000,004,429 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\STTR@MASTERADA.HU.XPI
    [2012/07/13 20:05:45 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
    [2012/07/13 20:05:45 | 000,097,687 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\TABUTILS@ITHINC.CN.XPI
    [2012/07/19 17:58:14 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/13 12:11:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/13 12:11:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8yUwZmOv&I=26
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Web Assistant = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\
    CHR - Extension: StartNow Search = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
    CHR - Extension: Codec-V = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.18.51_0\crossrider
    CHR - Extension: Codec-V = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.18.51_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/07 17:00:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hedrick.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF28EE6-3C75-4D48-86E6-272DABB84CB2}: DhcpNameServer = 192.168.1.5
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/09 14:13:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
    [2012/08/09 09:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/09 09:39:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/09 09:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/07 17:32:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/07 17:07:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/07 16:55:53 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\temp
    [2012/08/07 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\tdsskiller
    [2012/08/06 18:12:35 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Benjamin\Desktop\FRST.exe
    [2012/08/06 10:44:23 | 000,306,999 | ---- | C] (Farbar) -- C:\Users\Benjamin\Desktop\ListParts.exe
    [2012/08/06 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\GETxPUD
    [2012/08/05 09:53:34 | 000,000,000 | ---D | C] -- C:\tdsskiller
    [2012/08/04 13:15:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/03 22:06:53 | 000,000,000 | ---D | C] -- C:\sewf8374ljk
    [2012/08/01 19:24:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/01 19:24:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/01 19:24:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/01 19:17:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/01 19:16:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/01 17:44:34 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\RK_Quarantine
    [2012/07/31 19:28:17 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Ben Virus scans
    [2012/07/31 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\1 GLH new HP Desktop Virus Programs
    [2012/07/17 19:12:15 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Proxure
    [2012/07/17 19:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
    [2012/07/17 14:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/07/17 14:52:54 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
    [2012/07/17 14:52:54 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/07/17 14:51:32 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/17 14:51:32 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/17 14:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/13 16:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012/07/13 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Codec-V
    [2012/07/13 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\Codec-V
    [2012/07/12 18:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
    [2012/07/11 03:22:35 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/11 03:06:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/07/11 03:06:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/07/11 03:06:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/07/11 03:06:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/07/11 03:06:04 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/07/11 03:06:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/07/11 03:06:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/09 14:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/09 14:22:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001UA.job
    [2012/08/09 13:42:05 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/09 13:42:05 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/09 12:51:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/09 12:51:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/08/09 12:50:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
    [2012/08/09 12:29:38 | 000,000,965 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/08/09 09:46:33 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/09 09:46:32 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/09 09:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/09 09:41:44 | 2145,513,472 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/09 09:40:17 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/08 23:22:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001Core.job
    [2012/08/07 17:00:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/07 15:56:37 | 000,264,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/08/07 15:22:44 | 000,002,651 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2012/08/06 10:23:40 | 000,306,999 | ---- | M] (Farbar) -- C:\Users\Benjamin\Desktop\ListParts.exe
    [2012/08/06 10:12:12 | 067,108,864 | ---- | M] () -- C:\Users\Benjamin\Desktop\xpud-0.9.2.iso
    [2012/08/06 09:59:18 | 000,497,272 | ---- | M] () -- C:\Users\Benjamin\Desktop\GETxPUD.exe
    [2012/08/04 11:22:10 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Benjamin\Desktop\FRST.exe
    [2012/08/03 21:53:51 | 000,001,356 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
    [2012/08/01 10:59:33 | 000,000,076 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\mbam.context.scan
    [2012/07/23 19:18:21 | 273,275,364 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/17 14:49:37 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/17 14:49:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/11 12:29:18 | 000,002,054 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/07/11 12:29:17 | 000,002,092 | ---- | M] () -- C:\Users\Benjamin\Desktop\Google Chrome.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/09 09:40:17 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/09 09:39:48 | 000,000,965 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/08/06 18:15:27 | 2145,513,472 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/06 10:11:15 | 067,108,864 | ---- | C] () -- C:\Users\Benjamin\Desktop\xpud-0.9.2.iso
    [2012/08/06 10:05:14 | 000,497,272 | ---- | C] () -- C:\Users\Benjamin\Desktop\GETxPUD.exe
    [2012/08/01 19:24:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/01 19:24:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/01 19:24:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/01 19:24:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/01 19:24:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/01 10:59:33 | 000,000,076 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\mbam.context.scan
    [2011/12/13 00:25:39 | 000,001,356 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
    [2011/12/12 21:17:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28
    [2011/12/12 21:17:08 | 000,000,224 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28r
    [2011/12/12 21:17:04 | 000,000,456 | ---- | C] () -- C:\ProgramData\otoZiP8LlaLv28
    [2011/11/11 16:12:00 | 000,001,052 | ---- | C] () -- C:\Users\Benjamin\XrxWm.ini
    [2011/11/05 12:55:06 | 000,000,032 | ---- | C] () -- C:\Users\Benjamin\jagex_cl_runescape_LIVE.dat
    [2011/04/18 16:21:58 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_4
    [2011/04/14 11:45:40 | 000,005,632 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/03 14:20:19 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_3
    [2011/04/02 23:32:21 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_1
    [2011/04/02 22:49:45 | 000,000,173 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\D2Info0
    [2011/04/02 22:49:45 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_2
    [2011/04/01 08:08:06 | 000,000,129 | ---- | C] () -- C:\Users\Benjamin\jagex_runescape_preferences2.dat
    [2011/04/01 08:03:47 | 000,000,035 | ---- | C] () -- C:\Users\Benjamin\jagex_runescape_preferences.dat
    [2011/04/01 08:03:15 | 000,000,024 | ---- | C] () -- C:\Users\Benjamin\jagexappletviewer.preferences
    [2011/03/31 12:36:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/31 12:36:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/03/31 12:35:47 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/03/31 11:02:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/03/31 09:54:53 | 000,055,472 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    < End of report >
    Still several s to delete.
  19. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    And here is the extras log:

    OTL Extras logfile created on: 8/9/2012 3:01:33 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Benjamin\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.49% Memory free
    4.23 Gb Paging File | 3.29 Gb Available in Paging File | 77.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 95.39 Gb Free Space | 64.00% Space Free | Partition Type: NTFS
    Drive E: | 14.91 Gb Total Space | 14.74 Gb Free Space | 98.84% Space Free | Partition Type: NTFS

    Computer Name: BEN-DEL | User Name: Benjamin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
    "CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-SpoolSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Datagram-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Datagram-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Name-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Name-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-SMB-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-SMB-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Session-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Session-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-UPnP-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-UPnPHost-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-UPnPHost-In-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-In-TCP-EdgeScope-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
    "RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
    "RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
    "RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02AC1FDD-C357-44B3-9548-4CDB865C39EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0C18DBC4-1DD2-4E64-AAD6-B2102F0ECB86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{10BDB9F1-EC1C-49B5-9846-FA75D9039283}" = lport=138 | protocol=17 | dir=in | app=system |
    "{274E969C-8E9D-49A3-B855-9C4879A12F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{28AC0FBA-5FAE-41F0-8C4F-A2AC88BBFB7A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{3A82436A-CD18-4FE7-80DB-A400B2E07396}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4160A831-03C4-4A31-8D47-270EAAF6F9CE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{59847062-E57C-4437-BBD9-113FA5E1533C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{60B0B820-9851-4937-8B5F-B5A72EEAE064}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6A2E5228-4CED-4217-8FD0-6E630031840C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{71CCF7A5-4FFE-424B-AE03-73870CBEDCA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{8ADD86FF-1C42-43D8-A19B-AEE72E91238E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{8FE9B2D1-5AA3-4541-BFD5-BE2B82100DA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C6B21B77-F48D-434C-BC86-71287090F551}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D2A16053-814B-47DA-93D3-99A1C147AF3F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E6F5FA60-D3D6-4C22-B7F8-109B95AAB730}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EE727F7D-93E1-4138-A63A-CEA5BF1C407D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F020C4DE-B66B-4563-9A32-3FFE73C79CE1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{F119442E-C967-48B3-BBCD-3CE10A80E095}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00FB981D-46E9-4D63-87C3-1D0E5DA3B462}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
    "{0761990D-DE32-45BF-870D-DCD3D94E27D1}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{0E196224-C268-4966-9E77-A1F96D2951AB}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
    "{0E4D56D7-72AA-4FAF-955B-452004295569}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe |
    "{1C1EC5F9-9128-4BAB-91D1-A6EA7FA8EDDB}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{2BCC2AE8-6727-454E-A1A5-32C2A107BE0B}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{43A44B77-068D-4C0A-BD69-CA481D7C541D}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
    "{54B204ED-16A5-43FD-9BF3-E693A146DC94}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{5DF63DF5-3CEA-4DCE-800C-380F63F9CAB6}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
    "{5F02E2F5-8D9E-4422-8D06-8225C67BE06C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7518EEFC-E772-40F4-8E88-AEA9C379C449}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe |
    "{7707F649-67A5-4379-A1C6-221D9DD0DF45}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{7C8B715A-8A9A-424B-A92E-8E1E1FFA176C}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
    "{7F73950B-9448-42A0-AEF1-5AEC15F3C0AF}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
    "{843FDB49-3F6E-4E67-8C2A-F5A8C2A3410A}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{8D6A4657-1B47-4BBE-8FD9-2DCC32A07212}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
    "{9C1AF421-0147-437D-A094-94D1C52B971F}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
    "{A8310CAF-37D7-4BFB-AB68-57F81050B676}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B360030D-A289-42CC-A4F4-E6FE94797F08}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
    "{B6F76FD9-83B3-4822-B845-3D280FD43D2A}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe |
    "{BBDF1030-62A9-4873-8104-64306CAB591A}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
    "{BF1C2639-47AC-4D9E-AE95-783A027AA809}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D4E2B5DC-6DF8-45EF-87E4-9D055A508654}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe |
    "{EA688FC6-C823-4DF7-BDA6-ED3C3BD842DF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{EF7FB33C-84F3-47C9-A552-23B135155FE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F02D5E87-6BCA-4010-BC8B-A2843B34A5B1}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
    "{FB1ADCCD-D00C-44A9-B203-7D753FB7CC12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{4FC60BFD-8A0E-435E-B6DB-C052A11A32B4}C:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe |
    "TCP Query User{9F818C18-317F-4FDA-8967-54AAD0CD5507}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "UDP Query User{BE867B8F-2B42-4C26-95A7-C1D9BD1F0595}C:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe |
    "UDP Query User{C0E9FDF8-A970-4E0F-A828-A167C90B0C96}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Crossrider" = Crossrider Web Apps
    "DivX Setup" = Instalação do DivX
    "Giraffic" = Veoh Giraffic Video Accelerator
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "STANDARDR" = Microsoft Office Standard 2007
    "Veoh Web Player Beta" = Veoh Web Player
    "VLC media player" = VLC media player 1.0.1
    "Xerox_Support_Centre" = Xerox Support Centre

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "ExpressFiles" = ExpressFiles
    "Google Chrome" = Google Chrome
    "SwiftKit" = SwiftKit

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/7/2012 9:05:50 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
    Description =

    Error - 8/7/2012 9:18:48 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
    Description =

    Error - 8/8/2012 4:11:54 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
    Description =

    Error - 8/8/2012 4:36:10 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
    Description =

    Error - 8/9/2012 12:43:16 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
    Description =

    Error - 8/9/2012 2:30:30 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
    ActionTaken:
    Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
    2028) Time: Thursday, August 09, 2012 11:30:30 AM

    Error - 8/9/2012 2:30:30 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process ActionTaken:
    Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
    2028) Time: Thursday, August 09, 2012 11:30:30 AM

    Error - 8/9/2012 2:30:30 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
    ActionTaken:
    Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
    2028) Time: Thursday, August 09, 2012 11:30:30 AM

    Error - 8/9/2012 3:30:45 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
    ActionTaken:
    Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
    1168) Time: Thursday, August 09, 2012 12:30:45 PM

    Error - 8/9/2012 3:30:45 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process ActionTaken:
    Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
    1168) Time: Thursday, August 09, 2012 12:30:45 PM

    [ System Events ]
    Error - 8/8/2012 4:34:52 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 8/8/2012 4:35:20 PM | Computer Name = BEN-DEL.hedrick.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 8/8/2012 8:35:22 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 8/9/2012 12:35:47 AM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 8/9/2012 4:36:20 AM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 8/9/2012 8:51:53 AM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 8/9/2012 12:42:02 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
    Make sure that this computer is connected to the network. If the problem persists,
    please
    contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
    for the specified domain, it sets up the secure session to the primary domain controller
    emulator in the specified domain. Otherwise, this computer sets up the secure session
    to any domain controller in the specified domain.

    Error - 8/9/2012 12:42:32 PM | Computer Name = BEN-DEL.hedrick.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 8/9/2012 2:31:37 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5721
    Description = The session setup to the Windows NT or Windows 2000 Domain Controller
    \\hedcogaserver.hedrick.local for the domain HEDRICK failed because the Domain Controller
    did not have an account BEN-DEL$ needed to set up the session by this computer BEN-DEL.

    ADDITIONAL
    DATA If this computer is a member of or a Domain Controller in the specified domain,
    the aforementioned account is a computer account for this computer in the specified
    domain. Otherwise, the account is an interdomain trust account with the specified
    domain.

    Error - 8/9/2012 2:31:58 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5721
    Description = The session setup to the Windows NT or Windows 2000 Domain Controller
    \\hedcodserver for the domain HEDRICK failed because the Domain Controller did not
    have an account BEN-DEL$ needed to set up the session by this computer BEN-DEL. ADDITIONAL
    DATA If this computer is a member of or a Domain Controller in the specified domain,
    the aforementioned account is a computer account for this computer in the specified
    domain. Otherwise, the account is an interdomain trust account with the specified
    domain.


    < End of report >
    I s
  20. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    ??

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/08/04 13:15:23 | 000,000,000 | ---D | C] -- C:\FRST
      [2011/12/12 21:17:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28
      [2011/12/12 21:17:08 | 000,000,224 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28r
      [2011/12/12 21:17:04 | 000,000,456 | ---- | C] () -- C:\ProgramData\otoZiP8LlaLv28
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  21. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    All processes killed
    Error: Unable to interpret <· :OTL> in the current context!
    Error: Unable to interpret <· O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <· [2012/08/04 13:15:23 | 000,000,000 | ---D | C] -- C:\FRST> in the current context!
    Error: Unable to interpret <· [2011/12/12 21:17:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28> in the current context!
    Error: Unable to interpret <· [2011/12/12 21:17:08 | 000,000,224 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28r> in the current context!
    Error: Unable to interpret <· [2011/12/12 21:17:04 | 000,000,456 | ---- | C] () -- C:\ProgramData\otoZiP8LlaLv28> in the current context!
    Error: Unable to interpret <· > in the current context!
    Error: Unable to interpret <· :Commands> in the current context!
    Error: Unable to interpret <· [purity]> in the current context!
    Error: Unable to interpret <· [emptytemp]> in the current context!
    Error: Unable to interpret <· [emptyjava]> in the current context!
    Error: Unable to interpret <· [emptyflash]> in the current context!
    Error: Unable to interpret <· [Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.56.0 log created on 08092012_175036
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  22. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Results of screen317's Security Check version 0.99.43
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Symantec Endpoint Protection
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Adobe Flash Player 11.3.300.270
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
  23. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    OTL fix log is incorrect.
    You didn't copy my entire script.
    Redo.
  24. glhglh

    glhglh TechSpot Maniac Topic Starter Posts: 324

    Shall I do the other two again also?
    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\ProgramData\~otoZiP8LlaLv28 moved successfully.
    C:\ProgramData\~otoZiP8LlaLv28r moved successfully.
    C:\ProgramData\otoZiP8LlaLv28 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Benjamin
    ->Temp folder emptied: 359512 bytes
    ->Temporary Internet Files folder emptied: 23997981 bytes
    ->Java cache emptied: 128105554 bytes
    ->FireFox cache emptied: 68279293 bytes
    ->Google Chrome cache emptied: 319096529 bytes
    ->Flash cache emptied: 57254 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: glh
    ->Temp folder emptied: 498528 bytes
    ->Temporary Internet Files folder emptied: 11712070 bytes
    ->Flash cache emptied: 646 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 4728030 bytes

    Total Files Cleaned = 531.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Benjamin
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: glh

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Benjamin
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: glh
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08092012_183901
    Files\Folders moved on Reboot...
    C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FFMKXOB\ads[2].htm moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FFMKXOB\ads[2].htm not found!
    Registry entries deleted on Reboot...
  25. Broni

    Broni Malware Annihilator Posts: 45,316   +243

    No, you're fine.
    Go ahead with Eset.

