
Trojan.Maljavagen23 & various PUBs

Discussion in 'Virus and Malware Removal' started by glhglh, Aug 1, 2012.

  1. glhglh TechSpot Maniac Posts: 323

    After each of these commands, the response was "information: you may need to update /etc/fstab".
    As it was booting, there was a quick box with something being changed, but it was very fast. Something 2/47, then booted in safe mode.
    Beginning of safe mode, confirmed network name and domain.
    Copied ListParts to desktop and opened; there was a box "List BCD". I did not check this box.
    Ran scan.
    ListParts by Farbar Version: 25-07-2012
    Ran by Benjamin (administrator) on 06-08-2012 at 10:45:37
    Windows Vista (X86)
    Running From: C:\Users\Benjamin\Desktop
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 20%
    Total physical RAM: 2045.39 MB
    Available physical RAM: 1626.12 MB
    Total Pagefile: 2218.16 MB
    Available Pagefile: 1967.99 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1984.26 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:149.05 GB) (Free:88.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (PATRIOT) (Removable) (Total:14.91 GB) (Free:14.75 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 15 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 1024 KB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 149 GB Healthy Boot
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 4032 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E PATRIOT NTFS Removable 15 GB Healthy
    ======================================================================================================
    ==========================================================
    TDL4: custom:26000022

    ****** End Of Log ******
  2. Broni Malware Annihilator Posts: 40,051   +187

    That looks good.

    Please give me fresh FRST log.
  3. glhglh TechSpot Maniac Posts: 323

    Where do I download frst?
  4. Broni Malware Annihilator Posts: 40,051   +187

    See my post #16.
    You did it before.
  5. glhglh TechSpot Maniac Posts: 323

    Getting old is a *****!!!!!!!!
    What is the "script" that keeps freezing my IE tab each time I try to post a log? The tab freezes and the box at the bottom says: "techspot.com is not responding due to a long-running script", then there is a button to stop the script.
    If I do nothing, it stays frozen; if I push stop script soon, I just reload the tab; if I wait a few minutes, I need to close IE and start again.
    This has been happening for this issue. I don't remember the problem in the past with other problems.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 06-08-2012 18:36:21
    Running from E:\
    Windows Vista (TM) Business Service Pack 1 (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [XeroxRegistation] "C:\Users\Benjamin\AppData\Local\Temp\Xerox\EReg\EReg.exe" /Startup [137728 2008-03-13] (Xerox Corporation)
    HKU\Benjamin\...\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe [478720 2011-05-15] (Crossrider)
    Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.5
    ================================ Services (Whitelisted) ==================
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
    4 Giraffic; C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe --service [2232504 2012-07-02] (Giraffic)
    2 SepMasterService; "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll" /prefetch:1 [167344 2011-08-26] (Symantec Corporation)
    3 SmcService; "C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe" /prefetch:1 [1664744 2011-08-26] (Symantec Corporation)
    3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe [280496 2011-08-26] (Symantec Corporation)
    4 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-04-20] ()
    4 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-08] ()
    ========================== Drivers (Whitelisted) =============
    1 BHDrvx86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120711.012\BHDrvx86.sys [821920 2012-06-20] (Symantec Corporation)
    1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-06-29] (Symantec Corporation)
    3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
    1 IDSVix86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120801.001\IDSvix86.sys [382624 2012-07-31] (Symantec Corporation)
    3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120801.004\NAVENG.SYS [87928 2012-07-31] (Symantec Corporation)
    3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120801.004\NAVEX15.SYS [1589752 2012-07-31] (Symantec Corporation)
    1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS [516216 2011-08-26] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS [50168 2011-08-26] (Symantec Corporation)
    0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [340088 2011-08-26] (Symantec Corporation)
    0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [756856 2011-08-26] (Symantec Corporation)
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [127096 2011-08-26] (Symantec Corporation)
    1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [136312 2011-08-26] (Symantec Corporation)
    1 SYMTDIV; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMTDIV.SYS [331384 2011-08-26] (Symantec Corporation)
    1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [50096 2011-08-26] (Symantec Corporation)
    3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [30208 2009-04-10] (Microsoft Corporation)
    3 catchme; \??\C:\Users\Benjamin\AppData\Local\Temp\catchme.sys [x]
    3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-06 17:12 - 2012-08-04 10:22 - 00892822 ____A (Farbar) C:\Users\Benjamin\Desktop\FRST.exe
    2012-08-06 09:45 - 2012-08-06 09:45 - 00002530 ____A C:\Users\Benjamin\Desktop\Result.txt
    2012-08-06 09:44 - 2012-08-06 09:23 - 00306999 ____A (Farbar) C:\Users\Benjamin\Desktop\ListParts.exe
    2012-08-06 09:33 - 2012-08-06 17:18 - 268435456 __ASH C:\Windows\System32\temppf.sys
    2012-08-06 09:11 - 2012-08-06 09:12 - 67108864 ____A C:\Users\Benjamin\Desktop\xpud-0.9.2.iso
    2012-08-06 09:05 - 2012-08-06 09:17 - 00000000 ____D C:\Users\Benjamin\Desktop\GETxPUD
    2012-08-06 09:05 - 2012-08-06 08:59 - 00497272 ____A C:\Users\Benjamin\Desktop\GETxPUD.exe
    2012-08-05 08:54 - 2012-08-05 08:54 - 00000000 ____D C:\Users\glh\Desktop\tdsskiller
    2012-08-05 08:53 - 2012-08-05 08:53 - 00000000 ____D C:\tdsskiller
    2012-08-04 12:15 - 2012-08-04 12:15 - 00000000 ____D C:\FRST
    2012-08-03 21:06 - 2012-08-03 21:13 - 00000000 ___SD C:\sewf8374ljk
    2012-08-02 18:10 - 2012-08-02 18:10 - 00000000 ____A C:\Users\Benjamin\Documents\gmer 2.log
    2012-08-02 12:20 - 2012-08-03 20:58 - 00000366 ____A C:\rkill.log
    2012-08-01 18:24 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-08-01 18:24 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-08-01 18:24 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-08-01 18:24 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-08-01 18:24 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-08-01 18:24 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-08-01 18:24 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-08-01 18:24 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-08-01 18:17 - 2012-08-01 18:23 - 00000000 ____D C:\Qoobox
    2012-08-01 18:16 - 2012-08-01 18:16 - 00000000 ____D C:\Windows\erdnt
    2012-08-01 18:13 - 2012-08-01 18:12 - 04722680 ____R (Swearware) C:\Users\Benjamin\Desktop\sewf8374ljk.exe
    2012-08-01 16:46 - 2012-08-01 16:46 - 00002385 ____A C:\Users\Benjamin\Desktop\RKreport[1].txt
    2012-08-01 16:44 - 2012-08-01 16:46 - 00000000 ____D C:\Users\Benjamin\Desktop\RK_Quarantine
    2012-08-01 09:59 - 2012-08-01 09:59 - 00000076 ____A C:\Users\Benjamin\AppData\Roaming\mbam.context.scan
    2012-07-31 18:29 - 2012-07-31 18:42 - 00000941 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-31 18:28 - 2012-08-03 20:59 - 00000000 ____D C:\Users\Benjamin\Desktop\Ben Virus scans
    2012-07-23 18:18 - 2012-07-23 18:18 - 00158184 ____A C:\Windows\Minidump\Mini072312-01.dmp
    2012-07-17 18:12 - 2012-07-17 18:12 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Proxure
    2012-07-17 18:11 - 2012-07-17 18:11 - 00000000 ____D C:\Users\All Users\ClubSanDisk
    2012-07-17 13:53 - 2012-07-17 13:53 - 00000000 ____D C:\Program Files\Oracle
    2012-07-17 13:52 - 2012-07-05 21:06 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-17 13:52 - 2012-07-05 21:06 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-17 13:51 - 2012-07-17 13:49 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-07-17 13:51 - 2012-07-17 13:49 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-07-17 13:47 - 2012-07-17 13:47 - 00000000 ____D C:\Users\All Users\McAfee
    2012-07-17 13:46 - 2012-07-17 13:46 - 00893936 ____A (Oracle Corporation) C:\Users\Benjamin\Downloads\chromeinstall-7u5.exe
    2012-07-17 13:46 - 2012-07-17 13:46 - 00893936 ____A (Oracle Corporation) C:\Users\Benjamin\Downloads\chromeinstall-7u5 (1).exe
    2012-07-13 15:48 - 2012-07-13 15:48 - 00000000 ____D C:\Program Files\Incredibar.com
    2012-07-13 15:47 - 2012-07-13 15:47 - 00000000 ____D C:\Program Files\Web Assistant
    2012-07-13 15:46 - 2012-07-13 15:46 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Codec-V
    2012-07-13 15:45 - 2012-08-01 12:04 - 00000000 ____D C:\Program Files\Codec-V
    2012-07-12 17:46 - 2012-07-12 17:46 - 00000000 ____D C:\Users\All Users\Graboid Inc
    2012-07-12 17:39 - 2012-07-12 17:40 - 37996064 ____A C:\Users\Benjamin\Downloads\GraboidVideoSetup-3.11.exe
    2012-07-12 06:51 - 2012-07-31 15:51 - 09821896 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    ============ 3 Months Modified Files ========================
    2012-08-06 17:19 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-06 17:18 - 2012-08-06 09:33 - 268435456 __ASH C:\Windows\System32\temppf.sys
    2012-08-06 09:45 - 2012-08-06 09:45 - 00002530 ____A C:\Users\Benjamin\Desktop\Result.txt
    2012-08-06 09:23 - 2012-08-06 09:44 - 00306999 ____A (Farbar) C:\Users\Benjamin\Desktop\ListParts.exe
    2012-08-06 09:23 - 2008-01-20 17:39 - 01577753 ____A C:\Windows\WindowsUpdate.log
    2012-08-06 09:23 - 2006-11-02 05:01 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-06 09:23 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-06 09:23 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-06 09:22 - 2012-06-22 22:12 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001UA.job
    2012-08-06 09:12 - 2012-08-06 09:11 - 67108864 ____A C:\Users\Benjamin\Desktop\xpud-0.9.2.iso
    2012-08-06 08:59 - 2012-08-06 09:05 - 00497272 ____A C:\Users\Benjamin\Desktop\GETxPUD.exe
    2012-08-06 08:51 - 2012-04-04 07:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-06 02:20 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-05 22:22 - 2012-06-22 22:11 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001Core.job
    2012-08-04 10:22 - 2012-08-06 17:12 - 00892822 ____A (Farbar) C:\Users\Benjamin\Desktop\FRST.exe
    2012-08-04 08:17 - 2006-11-02 05:00 - 00806248 ____A C:\Windows\PFRO.log
    2012-08-03 20:58 - 2012-08-02 12:20 - 00000366 ____A C:\rkill.log
    2012-08-03 20:53 - 2011-12-12 23:25 - 00001356 ____A C:\Users\Benjamin\AppData\Local\d3d9caps.dat
    2012-08-02 18:10 - 2012-08-02 18:10 - 00000000 ____A C:\Users\Benjamin\Documents\gmer 2.log
    2012-08-01 18:12 - 2012-08-01 18:13 - 04722680 ____R (Swearware) C:\Users\Benjamin\Desktop\sewf8374ljk.exe
    2012-08-01 18:12 - 2006-11-02 04:52 - 00028016 ____A C:\Windows\setupact.log
    2012-08-01 16:46 - 2012-08-01 16:46 - 00002385 ____A C:\Users\Benjamin\Desktop\RKreport[1].txt
    2012-08-01 09:59 - 2012-08-01 09:59 - 00000076 ____A C:\Users\Benjamin\AppData\Roaming\mbam.context.scan
    2012-07-31 18:42 - 2012-07-31 18:29 - 00000941 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-31 15:51 - 2012-07-12 06:51 - 09821896 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
    2012-07-31 15:51 - 2012-04-04 07:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-31 15:51 - 2011-06-06 14:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-23 18:18 - 2012-07-23 18:18 - 00158184 ____A C:\Windows\Minidump\Mini072312-01.dmp
    2012-07-23 18:18 - 2011-04-03 22:30 - 273275364 ____A C:\Windows\MEMORY.DMP
    2012-07-17 13:49 - 2012-07-17 13:51 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-07-17 13:49 - 2012-07-17 13:51 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-07-17 13:46 - 2012-07-17 13:46 - 00893936 ____A (Oracle Corporation) C:\Users\Benjamin\Downloads\chromeinstall-7u5.exe
    2012-07-17 13:46 - 2012-07-17 13:46 - 00893936 ____A (Oracle Corporation) C:\Users\Benjamin\Downloads\chromeinstall-7u5 (1).exe
    2012-07-12 17:40 - 2012-07-12 17:39 - 37996064 ____A C:\Users\Benjamin\Downloads\GraboidVideoSetup-3.11.exe
    2012-07-11 11:29 - 2012-06-22 22:15 - 00002092 ____A C:\Users\Benjamin\Desktop\Google Chrome.lnk
    2012-07-11 02:21 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
    2012-07-11 02:08 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-05 21:06 - 2012-07-17 13:52 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-07-05 21:06 - 2012-07-17 13:52 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-07-05 21:06 - 2011-04-11 12:13 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-27 22:56 - 2012-06-27 22:54 - 00001932 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
    2012-06-27 22:55 - 2012-03-31 20:27 - 00001432 ____A C:\Users\Benjamin\Desktop\DivX Movies.lnk
    2012-06-27 22:54 - 2012-06-27 22:54 - 00000952 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
    2012-06-27 22:50 - 2012-06-27 22:50 - 00933256 ____A (DivX, LLC) C:\Users\Benjamin\Downloads\DivXInstaller(1).exe
    2012-06-23 12:21 - 2012-06-23 12:21 - 00157576 ____A C:\Windows\Minidump\Mini062312-01.dmp
    2012-06-22 22:11 - 2012-06-22 22:10 - 00739824 ____A (Google Inc.) C:\Users\Benjamin\Downloads\ChromeSetup(1).exe
    2012-06-19 19:33 - 2012-06-19 19:32 - 00157568 ____A C:\Windows\Minidump\Mini061912-01.dmp
    2012-06-16 16:11 - 2012-06-16 16:11 - 00157544 ____A C:\Windows\Minidump\Mini061612-01.dmp
    2012-06-10 20:36 - 2011-11-05 11:55 - 00000032 ___AH C:\Users\Benjamin\jagex_cl_runescape_LIVE.dat
    2012-06-02 14:19 - 2012-06-22 11:08 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 11:08 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 11:08 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 11:07 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 11:07 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-22 11:07 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-22 11:08 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-22 11:07 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-22 11:07 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-29 11:35 - 2012-05-29 11:35 - 00000839 ____A C:\Users\Benjamin\Desktop\SwiftKit.lnk
    2012-05-29 11:32 - 2011-03-31 19:25 - 00004109 ____A C:\Windows\IE9_main.log
    2012-05-29 11:22 - 2012-05-29 11:22 - 00000000 _RASH C:\MSDOS.SYS
    2012-05-29 11:22 - 2012-05-29 11:22 - 00000000 _RASH C:\IO.SYS
    2012-05-29 11:06 - 2012-05-29 11:05 - 03343772 ____A () C:\Users\Benjamin\Downloads\SwiftKit(Install)(1).exe
    2012-05-14 19:11 - 2012-05-14 19:11 - 00157608 ____A C:\Windows\Minidump\Mini051412-01.dmp
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 22%
    Total physical RAM: 2045.39 MB
    Available physical RAM: 1595.33 MB
    Total Pagefile: 1823.89 MB
    Available Pagefile: 1650.8 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1980.95 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:149.05 GB) (Free:86.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (VISTA_SP1_BUSINESS) (CDROM) (Total:3.01 GB) (Free:0 GB) UDF
    3 Drive e: (PATRIOT) (Removable) (Total:14.91 GB) (Free:14.74 GB) NTFS
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 15 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 1024 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 149 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E PATRIOT NTFS Removable 15 GB Healthy
    ==================================================================================
    ==========================================================
    TDL4: custom:26000022 <===== ATTENTION!

    ==========================================================
    Last Boot: 2012-08-06 02:20

    ======================= End Of Log ==========================

    Also, during this process, my internet connection was changed from my domain (hedrick.local) to public connection #2?
    This is on my desktop computer, and has happened all weekend. I just rebooted and got back to hedrick.local, with an internet connection, but once I try to post, the changes have happened.
  6. glhglh TechSpot Maniac Posts: 323

    In order to post the above, I rebooted, opened TechSpot, and it took three times to post. The only way
    I get to post is to have my left hand ready to paste, and the mouse on the post reply button, and post it right away.

    This is strange.
     
  7. glhglh TechSpot Maniac Posts: 323

    Is there a program to see if the network or router has been hacked, and someone is using it to send things out?

    When I find that one of the computers' connection has been changed from domain.local to public network #2, and look at the local area connection status, the "sent" activity is higher by a factor of 10 than the received. Different than when it is right.
  8. Broni Malware Annihilator Posts: 40,051   +187

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

  9. glhglh TechSpot Maniac Posts: 323

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-08-07 15:02:41 Run:1
    Running from E:\
    ==============================================

    The operation completed successfully.
    The operation completed successfully.
    ==== End of Fixlog ====
  10. glhglh TechSpot Maniac Posts: 323

    15:10:45.0254 2756 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    15:10:45.0332 2756 ============================================================
    15:10:45.0332 2756 Current date / time: 2012/08/07 15:10:45.0332
    15:10:45.0332 2756 SystemInfo:
    15:10:45.0332 2756
    15:10:45.0332 2756 OS Version: 6.0.6002 ServicePack: 2.0
    15:10:45.0332 2756 Product type: Workstation
    15:10:45.0332 2756 ComputerName: BEN-DEL
    15:10:45.0332 2756 UserName: Benjamin
    15:10:45.0332 2756 Windows directory: C:\Windows
    15:10:45.0332 2756 System windows directory: C:\Windows
    15:10:45.0332 2756 Processor architecture: Intel x86
    15:10:45.0332 2756 Number of processors: 2
    15:10:45.0332 2756 Page size: 0x1000
    15:10:45.0332 2756 Boot type: Normal boot
    15:10:45.0332 2756 ============================================================
    15:10:47.0438 2756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:10:47.0453 2756 Drive \Device\Harddisk1\DR1 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:10:47.0453 2756 ============================================================
    15:10:47.0453 2756 \Device\Harddisk0\DR0:
    15:10:47.0453 2756 MBR partitions:
    15:10:47.0453 2756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    15:10:47.0453 2756 \Device\Harddisk1\DR1:
    15:10:47.0453 2756 MBR partitions:
    15:10:47.0453 2756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
    15:10:47.0453 2756 ============================================================
    15:10:47.0516 2756 C: <-> \Device\Harddisk0\DR0\Partition0
    15:10:47.0516 2756 ============================================================
    15:10:47.0516 2756 Initialize success
    15:10:47.0516 2756 ============================================================
    15:10:57.0235 2148 ============================================================
    15:10:57.0250 2148 Scan started
    15:10:57.0250 2148 Mode: Manual;
    15:10:57.0250 2148 ============================================================
    15:11:01.0868 2148 circlass - ok
    15:11:01.0930 2148 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    15:11:01.0946 2148 CLFS - ok
    15:11:02.0039 2148 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:11:02.0039 2148 clr_optimization_v2.0.50727_32 - ok
    15:11:02.0117 2148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:11:02.0117 2148 clr_optimization_v4.0.30319_32 - ok
    15:11:02.0195 2148 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:11:02.0195 2148 CmBatt - ok
    15:11:02.0320 2148 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    15:11:02.0320 2148 cmdide - ok
    15:11:02.0351 2148 COH_Mon - ok
    15:11:02.0383 2148 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    15:11:02.0383 2148 Compbatt - ok
    15:11:02.0398 2148 COMSysApp - ok
    15:11:02.0414 2148 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    15:11:02.0414 2148 crcdisk - ok
    15:11:02.0461 2148 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    15:11:02.0461 2148 Crusoe - ok
    15:11:02.0523 2148 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
    15:11:02.0523 2148 CryptSvc - ok
    15:11:02.0648 2148 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
    15:11:02.0663 2148 CSC - ok
    15:11:02.0741 2148 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
    15:11:02.0741 2148 CscService - ok
    15:11:02.0866 2148 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    15:11:02.0975 2148 DcomLaunch - ok
    15:11:03.0100 2148 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    15:11:03.0116 2148 DfsC - ok
    15:11:03.0724 2148 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    15:11:03.0802 2148 DFSR - ok
    15:11:04.0442 2148 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    15:11:04.0442 2148 Dhcp - ok
    15:11:04.0551 2148 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    15:11:04.0551 2148 disk - ok
    15:11:04.0582 2148 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    15:11:04.0582 2148 Dnscache - ok
    15:11:04.0769 2148 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    15:11:04.0801 2148 dot3svc - ok
    15:11:04.0863 2148 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    15:11:04.0863 2148 DPS - ok
    15:11:04.0941 2148 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    15:11:04.0941 2148 drmkaud - ok
    15:11:05.0113 2148 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    15:11:05.0128 2148 DXGKrnl - ok
    15:11:05.0191 2148 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    15:11:05.0191 2148 E1G60 - ok
    15:11:05.0331 2148 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    15:11:05.0331 2148 EapHost - ok
    15:11:05.0409 2148 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    15:11:05.0409 2148 Ecache - ok
    15:11:05.0643 2148 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    15:11:05.0643 2148 eeCtrl - ok
    15:11:05.0737 2148 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    15:11:05.0752 2148 elxstor - ok
    15:11:06.0142 2148 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    15:11:06.0205 2148 EMDMgmt - ok
    15:11:06.0376 2148 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    15:11:06.0376 2148 EraserUtilRebootDrv - ok
    15:11:06.0439 2148 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    15:11:06.0439 2148 ErrDev - ok
    15:11:06.0548 2148 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    15:11:06.0548 2148 EventSystem - ok
    15:11:06.0626 2148 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    15:11:06.0626 2148 exfat - ok
    15:11:06.0782 2148 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    15:11:06.0782 2148 fastfat - ok
    15:11:06.0875 2148 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
    15:11:06.0891 2148 Fax - ok
    15:11:06.0938 2148 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    15:11:06.0938 2148 fdc - ok
    15:11:07.0016 2148 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    15:11:07.0016 2148 fdPHost - ok
    15:11:07.0047 2148 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    15:11:07.0047 2148 FDResPub - ok
    15:11:07.0063 2148 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    15:11:07.0063 2148 FileInfo - ok
    15:11:07.0109 2148 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    15:11:07.0109 2148 Filetrace - ok
    15:11:07.0125 2148 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:11:07.0125 2148 flpydisk - ok
    15:11:07.0172 2148 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    15:11:07.0172 2148 FltMgr - ok
    15:11:07.0312 2148 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    15:11:07.0343 2148 FontCache - ok
    15:11:07.0484 2148 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    15:11:07.0484 2148 FontCache3.0.0.0 - ok
    15:11:07.0515 2148 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    15:11:07.0515 2148 Fs_Rec - ok
    15:11:07.0562 2148 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    15:11:07.0562 2148 gagp30kx - ok
    15:11:07.0671 2148 Giraffic - ok
    15:11:07.0952 2148 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    15:11:07.0967 2148 gpsvc - ok
    15:11:08.0061 2148 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    15:11:08.0092 2148 HdAudAddService - ok
    15:11:08.0186 2148 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:11:08.0217 2148 HDAudBus - ok
    15:11:08.0264 2148 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    15:11:08.0279 2148 HidBth - ok
    15:11:08.0326 2148 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    15:11:08.0342 2148 HidIr - ok
    15:11:08.0389 2148 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
    15:11:08.0389 2148 hidserv - ok
    15:11:08.0451 2148 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    15:11:08.0451 2148 HidUsb - ok
    15:11:08.0482 2148 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    15:11:08.0482 2148 hkmsvc - ok
    15:11:08.0513 2148 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    15:11:08.0529 2148 HpCISSs - ok
    15:11:08.0607 2148 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    15:11:08.0607 2148 HSFHWAZL - ok
    15:11:08.0716 2148 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
    15:11:08.0779 2148 HSF_DPV - ok
    15:11:08.0903 2148 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    15:11:08.0919 2148 HTTP - ok
    15:11:08.0966 2148 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    15:11:08.0981 2148 i2omp - ok
    15:11:09.0059 2148 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:11:09.0059 2148 i8042prt - ok
    15:11:09.0278 2148 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    15:11:09.0309 2148 iaStorV - ok
    15:11:09.0902 2148 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:11:09.0949 2148 idsvc - ok
    15:11:10.0261 2148 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120801.001\IDSvix86.sys
    15:11:10.0276 2148 IDSVix86 - ok
    15:11:11.0899 2148 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    15:11:11.0914 2148 iirsp - ok
    15:11:12.0398 2148 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    15:11:12.0491 2148 IKEEXT - ok
    15:11:12.0647 2148 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    15:11:12.0647 2148 intelide - ok
    15:11:12.0725 2148 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    15:11:12.0725 2148 intelppm - ok
    15:11:12.0866 2148 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    15:11:12.0866 2148 IPBusEnum - ok
    15:11:12.0944 2148 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:11:12.0959 2148 IpFilterDriver - ok
    15:11:13.0318 2148 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
    15:11:13.0443 2148 iphlpsvc - ok
    15:11:13.0459 2148 IpInIp - ok
    15:11:13.0599 2148 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    15:11:13.0615 2148 IPMIDRV - ok
    15:11:13.0646 2148 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    15:11:13.0677 2148 IPNAT - ok
    15:11:13.0755 2148 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    15:11:13.0771 2148 IRENUM - ok
    15:11:13.0802 2148 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    15:11:13.0817 2148 isapnp - ok
    15:11:14.0051 2148 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    15:11:14.0067 2148 iScsiPrt - ok
    15:11:14.0114 2148 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    15:11:14.0129 2148 iteatapi - ok
    15:11:14.0176 2148 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    15:11:14.0192 2148 iteraid - ok
    15:11:14.0223 2148 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:11:14.0223 2148 kbdclass - ok
    15:11:14.0285 2148 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:11:14.0285 2148 kbdhid - ok
    15:11:14.0410 2148 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:11:14.0410 2148 KeyIso - ok
    15:11:14.0894 2148 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    15:11:15.0065 2148 KSecDD - ok
    15:11:15.0752 2148 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    15:11:15.0783 2148 KtmRm - ok
    15:11:15.0877 2148 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
    15:11:15.0892 2148 LanmanServer - ok
    15:11:16.0048 2148 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    15:11:16.0048 2148 LanmanWorkstation - ok
    15:11:16.0173 2148 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    15:11:16.0173 2148 lltdio - ok
    15:11:16.0501 2148 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    15:11:16.0594 2148 lltdsvc - ok
    15:11:16.0641 2148 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    15:11:16.0641 2148 lmhosts - ok
    15:11:16.0844 2148 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    15:11:16.0891 2148 LSI_FC - ok
    15:11:16.0969 2148 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    15:11:17.0000 2148 LSI_SAS - ok
    15:11:17.0125 2148 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    15:11:17.0187 2148 LSI_SCSI - ok
    15:11:17.0312 2148 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    15:11:17.0343 2148 luafv - ok
    15:11:17.0546 2148 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    15:11:17.0577 2148 megasas - ok
    15:11:18.0825 2148 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    15:11:19.0043 2148 MegaSR - ok
    15:11:19.0184 2148 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    15:11:19.0184 2148 MMCSS - ok
    15:11:19.0293 2148 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    15:11:19.0293 2148 Modem - ok
    15:11:19.0667 2148 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    15:11:19.0667 2148 monitor - ok
    15:11:19.0886 2148 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    15:11:19.0886 2148 mouclass - ok
    15:11:19.0964 2148 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    15:11:19.0979 2148 mouhid - ok
    15:11:20.0213 2148 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    15:11:20.0229 2148 MountMgr - ok
    15:11:20.0900 2148 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:11:20.0947 2148 MozillaMaintenance - ok
    15:11:21.0524 2148 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    15:11:21.0571 2148 mpio - ok
    15:11:21.0820 2148 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    15:11:21.0820 2148 mpsdrv - ok
    15:11:22.0522 2148 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
    15:11:22.0600 2148 MpsSvc - ok
    15:11:22.0694 2148 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    15:11:22.0709 2148 Mraid35x - ok
    15:11:23.0037 2148 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    15:11:23.0084 2148 MRxDAV - ok
    15:11:23.0146 2148 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:11:23.0146 2148 mrxsmb - ok
    15:11:23.0739 2148 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:11:23.0755 2148 mrxsmb10 - ok
    15:11:24.0051 2148 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:11:24.0082 2148 mrxsmb20 - ok
    15:11:24.0207 2148 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    15:11:24.0223 2148 msahci - ok
    15:11:24.0410 2148 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    15:11:24.0503 2148 msdsm - ok
    15:11:24.0675 2148 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    15:11:24.0722 2148 MSDTC - ok
    15:11:24.0847 2148 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    15:11:24.0878 2148 Msfs - ok
    15:11:24.0987 2148 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    15:11:24.0987 2148 msisadrv - ok
    15:11:25.0424 2148 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    15:11:25.0455 2148 MSiSCSI - ok
    15:11:25.0455 2148 msiserver - ok
    15:11:25.0564 2148 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    15:11:25.0564 2148 MSKSSRV - ok
    15:11:25.0627 2148 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:11:25.0658 2148 MSPCLOCK - ok
    15:11:25.0720 2148 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    15:11:25.0736 2148 MSPQM - ok
    15:11:25.0814 2148 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    15:11:25.0923 2148 MsRPC - ok
    15:11:25.0985 2148 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:11:25.0985 2148 mssmbios - ok
    15:11:26.0032 2148 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    15:11:26.0032 2148 MSTEE - ok
    15:11:26.0219 2148 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    15:11:26.0235 2148 Mup - ok
    15:11:26.0921 2148 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    15:11:27.0046 2148 napagent - ok
    15:11:27.0514 2148 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
  11. glhglh TechSpot Maniac Posts: 323

    15:11:27.0608 2148 NativeWifiP - ok
    15:11:28.0497 2148 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120801.004\NAVENG.SYS
    15:11:28.0497 2148 NAVENG - ok
    15:11:32.0023 2148 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120801.004\NAVEX15.SYS
    15:11:32.0054 2148 NAVEX15 - ok
    15:11:33.0177 2148 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    15:11:33.0193 2148 NDIS - ok
    15:11:33.0255 2148 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:11:33.0255 2148 NdisTapi - ok
    15:11:33.0271 2148 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:11:33.0286 2148 Ndisuio - ok
    15:11:33.0317 2148 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:11:33.0317 2148 NdisWan - ok
    15:11:33.0364 2148 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    15:11:33.0364 2148 NDProxy - ok
    15:11:33.0395 2148 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    15:11:33.0395 2148 NetBIOS - ok
    15:11:33.0551 2148 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    15:11:33.0567 2148 netbt - ok
    15:11:33.0661 2148 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:11:33.0661 2148 Netlogon - ok
    15:11:33.0848 2148 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    15:11:33.0863 2148 Netman - ok
    15:11:33.0926 2148 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    15:11:33.0941 2148 netprofm - ok
    15:11:34.0051 2148 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:11:34.0066 2148 NetTcpPortSharing - ok
    15:11:34.0534 2148 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
    15:11:35.0080 2148 NETw3v32 - ok
    15:11:35.0860 2148 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    15:11:35.0860 2148 nfrd960 - ok
    15:11:35.0985 2148 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    15:11:35.0985 2148 NlaSvc - ok
    15:11:36.0094 2148 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    15:11:36.0094 2148 Npfs - ok
    15:11:36.0188 2148 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    15:11:36.0188 2148 nsi - ok
    15:11:36.0219 2148 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    15:11:36.0235 2148 nsiproxy - ok
    15:11:36.0609 2148 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    15:11:36.0905 2148 Ntfs - ok
    15:11:36.0937 2148 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    15:11:36.0983 2148 ntrigdigi - ok
    15:11:37.0030 2148 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    15:11:37.0046 2148 Null - ok
    15:11:38.0091 2148 nvlddmkm (cfddedc1151839dd71f78472645214a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    15:11:38.0684 2148 nvlddmkm - ok
    15:11:39.0542 2148 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    15:11:39.0557 2148 nvraid - ok
    15:11:39.0604 2148 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    15:11:39.0604 2148 nvstor - ok
    15:11:39.0776 2148 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    15:11:39.0776 2148 nv_agp - ok
    15:11:39.0791 2148 NwlnkFlt - ok
    15:11:39.0807 2148 NwlnkFwd - ok
    15:11:40.0150 2148 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    15:11:40.0166 2148 odserv - ok
    15:11:40.0228 2148 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
    15:11:40.0228 2148 ohci1394 - ok
    15:11:40.0400 2148 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:11:40.0400 2148 ose - ok
    15:11:40.0696 2148 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:11:40.0883 2148 p2pimsvc - ok
    15:11:40.0915 2148 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:11:40.0930 2148 p2psvc - ok
    15:11:41.0008 2148 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    15:11:41.0024 2148 Parport - ok
    15:11:41.0086 2148 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    15:11:41.0086 2148 partmgr - ok
    15:11:41.0149 2148 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    15:11:41.0149 2148 Parvdm - ok
    15:11:41.0211 2148 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    15:11:41.0227 2148 PcaSvc - ok
    15:11:41.0320 2148 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    15:11:41.0320 2148 pci - ok
    15:11:41.0383 2148 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    15:11:41.0398 2148 pciide - ok
    15:11:41.0523 2148 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
    15:11:41.0554 2148 pcmcia - ok
    15:11:41.0835 2148 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    15:11:42.0053 2148 PEAUTH - ok
    15:11:43.0005 2148 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    15:11:43.0301 2148 pla - ok
    15:11:43.0988 2148 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    15:11:44.0003 2148 PlugPlay - ok
    15:11:44.0159 2148 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:11:44.0175 2148 PNRPAutoReg - ok
    15:11:44.0206 2148 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    15:11:44.0222 2148 PNRPsvc - ok
    15:11:44.0471 2148 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
    15:11:44.0487 2148 PolicyAgent - ok
    15:11:44.0643 2148 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    15:11:44.0659 2148 PptpMiniport - ok
    15:11:44.0721 2148 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    15:11:44.0752 2148 Processor - ok
    15:11:44.0877 2148 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
    15:11:44.0877 2148 ProfSvc - ok
    15:11:44.0971 2148 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:11:44.0971 2148 ProtectedStorage - ok
    15:11:45.0049 2148 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    15:11:45.0064 2148 PSched - ok
    15:11:45.0657 2148 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    15:11:46.0359 2148 ql2300 - ok
    15:11:46.0702 2148 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    15:11:46.0749 2148 ql40xx - ok
    15:11:46.0999 2148 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    15:11:47.0030 2148 QWAVE - ok
    15:11:47.0092 2148 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    15:11:47.0092 2148 QWAVEdrv - ok
    15:11:47.0170 2148 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    15:11:47.0186 2148 RasAcd - ok
    15:11:47.0435 2148 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    15:11:47.0451 2148 RasAuto - ok
    15:11:47.0638 2148 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:11:47.0716 2148 Rasl2tp - ok
    15:11:48.0278 2148 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
    15:11:48.0325 2148 RasMan - ok
    15:11:48.0403 2148 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:11:48.0418 2148 RasPppoe - ok
    15:11:48.0559 2148 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    15:11:48.0559 2148 RasSstp - ok
    15:11:48.0777 2148 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    15:11:48.0855 2148 rdbss - ok
    15:11:48.0917 2148 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:11:48.0949 2148 RDPCDD - ok
    15:11:49.0307 2148 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
    15:11:49.0354 2148 rdpdr - ok
    15:11:49.0417 2148 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    15:11:49.0417 2148 RDPENCDD - ok
    15:11:49.0682 2148 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
    15:11:49.0697 2148 RDPWD - ok
    15:11:49.0822 2148 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    15:11:49.0869 2148 RemoteAccess - ok
    15:11:50.0072 2148 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
    15:11:50.0087 2148 RemoteRegistry - ok
    15:11:50.0165 2148 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    15:11:50.0181 2148 RpcLocator - ok
    15:11:50.0977 2148 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    15:11:50.0992 2148 RpcSs - ok
    15:11:51.0101 2148 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    15:11:51.0117 2148 rspndr - ok
    15:11:51.0211 2148 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    15:11:51.0226 2148 SamSs - ok
    15:11:51.0460 2148 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    15:11:51.0491 2148 sbp2port - ok
    15:11:51.0881 2148 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
    15:11:51.0881 2148 SCardSvr - ok
    15:11:52.0739 2148 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
    15:11:52.0880 2148 Schedule - ok
    15:11:52.0989 2148 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    15:11:52.0989 2148 SCPolicySvc - ok
    15:11:53.0114 2148 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    15:11:53.0129 2148 SDRSVC - ok
    15:11:53.0176 2148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    15:11:53.0176 2148 secdrv - ok
    15:11:53.0254 2148 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    15:11:53.0254 2148 seclogon - ok
    15:11:53.0301 2148 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
    15:11:53.0317 2148 SENS - ok
    15:11:53.0769 2148 SepMasterService (7e2c360b6cc0d87b8ef38439b53dfc71) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    15:11:53.0769 2148 SepMasterService - ok
    15:11:53.0847 2148 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
    15:11:53.0847 2148 Serenum - ok
    15:11:54.0034 2148 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
    15:11:54.0050 2148 Serial - ok
    15:11:54.0143 2148 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    15:11:54.0159 2148 sermouse - ok
    15:11:54.0331 2148 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    15:11:54.0346 2148 SessionEnv - ok
    15:11:54.0409 2148 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
  12. glhglh TechSpot Maniac Posts: 323

    15:13:02.0659 2148 ============================================================
    15:13:02.0659 2148 Scan finished
    15:13:02.0659 2148 ============================================================
    15:13:02.0690 3184 Detected object count: 0
    15:13:02.0690 3184 Actual detected object count: 0

    Description:
    A problem caused this program to stop interacting with Windows.
    Files that help describe the problem:
    C:\Users\garyh\AppData\Local\Temp\WER5FE1.tmp.hdmp
    C:\Users\garyh\AppData\Local\Temp\WER6F8B.tmp.xml
    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
  13. Broni Malware Annihilator Posts: 40,051   +187

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  14. glhglh TechSpot Maniac Posts: 323

    Combofix made it all the way through 50 stages. deleted many many many files (some I had recognized, and disabled in the Startup, prior to coming to you), rebooted, in the "preparing Log Report", Do not run any programs until ComboFix has Finished.
    "This application has requested the runtime to terminate in an unusual way. Please contact the application's support team for more information." in the combofix box

    Also, a Windows box opened. "PEV.exe has stopped working"

    "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available".

    Shall I close?
  15. Broni Malware Annihilator Posts: 40,051   +187

    If you can simply OK that window and Combofix is still running, let it run.
    If not, re-run Combofix from safe mode.
  16. glhglh TechSpot Maniac Posts: 323

    ComboFix 12-08-07.03 - Benjamin 08/07/2012 16:36:34.1.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1241 [GMT -7:00]
    Running from: c:\users\Benjamin\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\bflixtoolbar
    c:\program files\bflixtoolbar\chrome\skin\lib\menuitemright-down-vista.png
    c:\program files\bflixtoolbar\chrome\skin\lib\menuitemright-vista.png
    c:\program files\bflixtoolbar\chrome\skin\lib\minus.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\modify.png
    c:\program files\bflixtoolbar\chrome\skin\lib\move.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\movetarget.png
    c:\program files\bflixtoolbar\chrome\skin\lib\newsitem.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\panels.css
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupAbout.css
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupGames.css
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupRSS.css
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupWidgets.css
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\css\dialog.css
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\bg.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-search.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\default.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\transparent.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-right.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\main.html
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\footer.htm
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\gamecategory.xsl
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\gameData.js
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\gameList.xsl
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\games.xsl
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\gametype.xsl
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-up.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-btnover.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-back.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-drag.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-next-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-next.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-right-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-calendar.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-dollar.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-download.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-news24.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-play.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-tags.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-Add.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-download.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-Info.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
    c:\program files\bflixtoolbar\chrome\skin\lib\panels\scroll.png
    c:\program files\bflixtoolbar\chrome\skin\lib\plus.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\pop.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
    c:\program files\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
    c:\program files\bflixtoolbar\chrome\skin\lib\rank0.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank0_5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank1.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank1_5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank2.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank2_5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank3.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank3_5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank4.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank4_5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rank5.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rankna.png
    c:\program files\bflixtoolbar\chrome\skin\lib\reload.png
    c:\program files\bflixtoolbar\chrome\skin\lib\remove.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rename.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\resize-box.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\rss.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rsschannelback.png
    c:\program files\bflixtoolbar\chrome\skin\lib\RSSLogo.png
    c:\program files\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\scroll-left.png
    c:\program files\bflixtoolbar\chrome\skin\lib\scroll-right.png
    c:\program files\bflixtoolbar\chrome\skin\lib\search-go.png
    c:\program files\bflixtoolbar\chrome\skin\lib\search.png
    c:\program files\bflixtoolbar\chrome\skin\lib\separator.png
    c:\program files\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
    c:\program files\bflixtoolbar\chrome\skin\lib\throbber.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton.css
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
    c:\program files\bflixtoolbar\chrome\skin\lib\yahoo.png
    c:\program files\bflixtoolbar\chrome\skin\lichen.gif
    c:\program files\bflixtoolbar\chrome\skin\Linked_in_png
    c:\program files\bflixtoolbar\chrome\skin\logo-about.png
    c:\program files\bflixtoolbar\chrome\skin\logo-over.png
    c:\program files\bflixtoolbar\chrome\skin\logo-separator.png
    c:\program files\bflixtoolbar\chrome\skin\logo.png
    c:\program files\bflixtoolbar\chrome\skin\mail.png
    c:\program files\bflixtoolbar\chrome\skin\menuseparatorback.gif
    c:\program files\bflixtoolbar\chrome\skin\modify-save.png
    c:\program files\bflixtoolbar\chrome\skin\modify.png
    c:\program files\bflixtoolbar\chrome\skin\modifyhot.png
    c:\program files\bflixtoolbar\chrome\skin\music.png
    c:\program files\bflixtoolbar\chrome\skin\music_png
    c:\program files\bflixtoolbar\chrome\skin\Myspace_png
    c:\program files\bflixtoolbar\chrome\skin\namespacetoolbar.css
    c:\program files\bflixtoolbar\chrome\skin\news.png
    c:\program files\bflixtoolbar\chrome\skin\options-main.png
    c:\program files\bflixtoolbar\chrome\skin\options-search.png
    c:\program files\bflixtoolbar\chrome\skin\orange.gif
    c:\program files\bflixtoolbar\chrome\skin\p_yahoo.png
    c:\program files\bflixtoolbar\chrome\skin\pixsy.png
    c:\program files\bflixtoolbar\chrome\skin\ppcbully.png
    c:\program files\bflixtoolbar\chrome\skin\protect-id.png
    c:\program files\bflixtoolbar\chrome\skin\relatedlinks.png
    c:\program files\bflixtoolbar\chrome\skin\rss-collapse.png
    c:\program files\bflixtoolbar\chrome\skin\rss-delete.png
    c:\program files\bflixtoolbar\chrome\skin\rss-expand.png
    c:\program files\bflixtoolbar\chrome\skin\rss-feed.png
    c:\program files\bflixtoolbar\chrome\skin\rss-folder-remove.png
    c:\program files\bflixtoolbar\chrome\skin\rss-folder-rename.png
    c:\program files\bflixtoolbar\chrome\skin\rss-folder.png
    c:\program files\bflixtoolbar\chrome\skin\rss-found.png
    c:\program files\bflixtoolbar\chrome\skin\rss-reload.png
    c:\program files\bflixtoolbar\chrome\skin\rss-subscribe.png
    c:\program files\bflixtoolbar\chrome\skin\rss.png
    c:\program files\bflixtoolbar\chrome\skin\rssback.gif
    c:\program files\bflixtoolbar\chrome\skin\rsstopback.gif
    c:\program files\bflixtoolbar\chrome\skin\search-over.png
    c:\program files\bflixtoolbar\chrome\skin\search.png
    c:\program files\bflixtoolbar\chrome\skin\settings.png
    c:\program files\bflixtoolbar\chrome\skin\shopping.png
    c:\program files\bflixtoolbar\chrome\skin\siteinfo.png
    c:\program files\bflixtoolbar\chrome\skin\skin-bluelite.png
    c:\program files\bflixtoolbar\chrome\skin\skin-bluesky.png
    c:\program files\bflixtoolbar\chrome\skin\skin-grey.png
    c:\program files\bflixtoolbar\chrome\skin\skin-lichen.png
    c:\program files\bflixtoolbar\chrome\skin\skin-orange.png
    c:\program files\bflixtoolbar\chrome\skin\skin-yellow.png
    c:\program files\bflixtoolbar\chrome\skin\skin.xml
    c:\program files\bflixtoolbar\chrome\skin\technorati.png
    c:\program files\bflixtoolbar\chrome\skin\throbber.gif
    c:\program files\bflixtoolbar\chrome\skin\toolbarsplitter.png
    c:\program files\bflixtoolbar\chrome\skin\translate.png
    c:\program files\bflixtoolbar\chrome\skin\TRUSTe_about.png
    c:\program files\bflixtoolbar\chrome\skin\tv_png
    c:\program files\bflixtoolbar\chrome\skin\twitter_png
    c:\program files\bflixtoolbar\chrome\skin\vmn.css
    c:\program files\bflixtoolbar\chrome\skin\vmn.png
    c:\program files\bflixtoolbar\chrome\skin\Weather_png
    c:\program files\bflixtoolbar\chrome\skin\web.png
    c:\program files\bflixtoolbar\chrome\skin\websearch.png
    c:\program files\bflixtoolbar\chrome\skin\wikipedia.png
    c:\program files\bflixtoolbar\chrome\skin\yahoosearch.png
    c:\program files\bflixtoolbar\chrome\skin\yellow.gif
    c:\program files\bflixtoolbar\chrome\skin\youtube.png
    c:\program files\bflixtoolbar\chrome\skin\zoom.png
    c:\program files\bflixtoolbar\install.ico
    c:\program files\bflixtoolbar\manifest.xml
    c:\program files\bflixtoolbar\partner.xml
    c:\program files\bflixtoolbar\uninstall.exe
    c:\program files\bflixtoolbar\vmntemplate.dll
    c:\program files\bflixtoolbar\vmntemplateX.dll
    c:\program files\FREEzeFrog
    c:\program files\Incredibar.com
    c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
    c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
    c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
    c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    c:\program files\QuestScan
    c:\program files\StartNow Toolbar
    c:\program files\StartNow Toolbar\Reactivate.exe
    c:\program files\StartNow Toolbar\ReactivateFF.exe
    c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
    c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
    c:\program files\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files\StartNow Toolbar\Resources\images\separator.png
    c:\program files\StartNow Toolbar\Resources\images\splitter.png
    c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files\StartNow Toolbar\Resources\installer.xml
    c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files\StartNow Toolbar\Resources\skin\separator.png
    c:\program files\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files\StartNow Toolbar\Resources\toolbar.xml
    c:\program files\StartNow Toolbar\Resources\update.xml
    c:\program files\StartNow Toolbar\search_protect.exe
    c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files\StartNow Toolbar\Toolbar32.dll
    c:\program files\StartNow Toolbar\ToolbarBroker.exe
    c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files\StartNow Toolbar\uninstall.dat
    c:\program files\StartNow Toolbar\XBrowser.dll
    c:\program files\Web Assistant\ExTEnsion32.dll
    c:\programdata\QuestScan
    c:\users\Benjamin\AppData\Roaming\app
    c:\users\Benjamin\AppData\Roaming\app\Jerakine_lang.dat
    c:\users\Benjamin\AppData\Roaming\app\Jerakine_lang_vesrion.dat
    c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
    c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\injection_button.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\popups.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\printerExternalAccessFF.js
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
    c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
    c:\users\Benjamin\Desktop\System Fix.lnk
  17. glhglh TechSpot Maniac Posts: 323

    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 23:55 . 2012-08-08 00:01 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
    2012-08-07 23:55 . 2012-08-07 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 23:55 . 2012-08-07 23:55 -------- d-----w- c:\users\glh\AppData\Local\temp
    2012-08-05 16:53 . 2012-08-05 16:53 -------- d-----w- C:\tdsskiller
    2012-08-04 20:15 . 2012-08-04 20:15 -------- d-----w- C:\FRST
    2012-08-04 05:06 . 2012-08-04 05:13 -------- d-----w- C:\sewf8374ljk
    2012-07-18 02:12 . 2012-07-18 02:12 -------- d-----w- c:\users\Benjamin\AppData\Local\Proxure
    2012-07-18 02:11 . 2012-07-18 02:11 -------- d-----w- c:\programdata\ClubSanDisk
    2012-07-17 21:53 . 2012-07-17 21:53 -------- d-----w- c:\program files\Oracle
    2012-07-17 21:52 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\programdata\McAfee
    2012-07-13 23:47 . 2012-08-07 23:53 -------- d-----w- c:\program files\Web Assistant
    2012-07-13 23:46 . 2012-07-13 23:46 -------- d-----w- c:\users\Benjamin\AppData\Local\Codec-V
    2012-07-13 23:45 . 2012-08-01 20:04 -------- d-----w- c:\program files\Codec-V
    2012-07-13 01:46 . 2012-07-13 01:46 -------- d-----w- c:\programdata\Graboid Inc
    2012-07-12 14:51 . 2012-07-31 23:51 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-07-11 10:22 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 21:33 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 21:33 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 21:33 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 21:33 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 21:33 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 21:33 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-31 23:51 . 2012-04-04 15:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-31 23:51 . 2011-06-06 22:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-06 05:06 . 2011-04-11 20:13 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-02 22:19 . 2012-06-22 19:07 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-22 19:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 19:08 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 19:07 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 19:07 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-22 19:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-22 19:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-22 19:07 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-22 19:07 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-20 00:58 . 2011-09-02 05:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin]
    2011-05-15 22:01 478720 ----a-w- c:\program files\CrossriderWebApps\Crossrider.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
    2012-01-17 03:38 326776 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-06-23 06:11 116648 ----atw- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2011-06-30 10:11 2648184 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:51]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001Core.job
    - c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 06:11]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001UA.job
    - c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 06:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8yUwZmOv&&I=26&search=
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8yUwZmOv&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - b6c58df10000000000000019d2c91e5d
    FF - user.js: extensions.incredibar_i.instlDay - 15534
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6R8yUwZmOv
    FF - user.js: extensions.incredibar_i.upn2n - 92824700789347371
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10650
    FF - user.js: extensions.incredibar_i.ppd - 169%5F2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
    SafeBoot-ccEvtMgr
    SafeBoot-ccSetMgr
    SafeBoot-Symantec Antivirus
    SafeBoot-Symantec Antvirus
    MSConfigStartUp-StartNow Search Protect - c:\program files\StartNow Toolbar\search_protect.exe
    MSConfigStartUp-XeroxRegistation - c:\users\Benjamin\AppData\Local\Temp\Xerox\EReg\EReg.exe
    AddRemove-bflixtoolbar - c:\program files\bflixtoolbar\uninstall.exe
    AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-07 17:02
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
    "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
    "ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
    c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-07 17:32:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-08 00:32
    .
    Pre-Run: 93,118,554,112 bytes free
    Post-Run: 99,949,010,944 bytes free
    .
    - - End Of File - - 4A0A7BFFF991F4CAD8059F484D0D49A0
  18. Broni Malware Annihilator Posts: 40,051   +187

    Looks good :)

    How is the computer doing?

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  19. glhglh TechSpot Maniac Posts: 323

    Working much better. The screen (this is a notebook) still goes blank after about 2 seconds. This may be a hardware problem, or it may just need updated drivers. I'll follow the next directions.
  20. glhglh TechSpot Maniac Posts: 323

    mbam won't load. error, host not found. mouse is floating all over. rebooting. try again to load? or go on to otl?